aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules
diff options
context:
space:
mode:
authorFlorian Reimair <florian.reimair@iaik.tugraz.at>2016-01-15 15:24:19 +0100
committerFlorian Reimair <florian.reimair@iaik.tugraz.at>2016-01-15 15:24:50 +0100
commita8a923ddda874437efb87c9fdecfb65dd722fed0 (patch)
tree25d7a037e289e56fca051bc2da351cd03b0847bb /id/server/modules
parenteecc9331869975937ec8c191a769b5939f8c01c1 (diff)
downloadmoa-id-spss-a8a923ddda874437efb87c9fdecfb65dd722fed0.tar.gz
moa-id-spss-a8a923ddda874437efb87c9fdecfb65dd722fed0.tar.bz2
moa-id-spss-a8a923ddda874437efb87c9fdecfb65dd722fed0.zip
moa can do outbound eidas
Diffstat (limited to 'id/server/modules')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java116
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java63
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java18
3 files changed, 192 insertions, 5 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index 3144d08e8..6adefdb86 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -22,14 +22,45 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.eidas;
+import java.io.StringWriter;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.Map.Entry;
+
+import iaik.pkcs.pkcs11.objects.Object;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.springframework.format.datetime.DateFormatter;
+
+import eu.eidas.auth.commons.EIDASAuthnResponse;
+import eu.eidas.auth.commons.EIDASStatusCode;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.eidas.EidasAttributesTypes;
+import eu.eidas.auth.engine.core.eidas.EidasConstants;
+import eu.eidas.auth.engine.metadata.MetadataUtil;
+import eu.stork.peps.auth.commons.PEPSUtil;
+
/**
* Second request step - after authentication of the user is done and moasession obtained,
@@ -42,7 +73,90 @@ public class AuthenticationRequest implements IAction {
@Override
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
- // TODO Auto-generated method stub
+ EIDASData eidasRequest;
+ if(req instanceof EIDASData)
+ eidasRequest = (EIDASData) req;
+ else
+ throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
+
+
+ // gather attributes
+ MOAPersonalAttributeList resultingAttributeList = (MOAPersonalAttributeList) eidasRequest.getEidasRequestedAttributes().clone();
+
+ for(Entry<String, PersonalAttribute> current : resultingAttributeList.entrySet()) {
+ String newValue = "";
+
+ switch(current.getKey()) {
+ case "DateOfBirth": newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
+ case "CurrentFamilyName": newValue = authData.getFamilyName();break;
+ case "CurrentGivenName": newValue = authData.getGivenName();break;
+ case "PersonIdentifier": newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
+ eidasRequest.getTarget()); break;
+ }
+
+ if("".equals(newValue))
+ current.getValue().setStatus(EIDASStatusCode.STATUS_NOT_AVAILABLE.toString());
+ else {
+ current.getValue().getValue().clear();
+ current.getValue().getValue().add(newValue);
+ current.getValue().setStatus(EIDASStatusCode.STATUS_AVAILABLE.toString());
+ }
+ }
+
+ // construct eIDaS response
+ EIDASAuthnResponse response = new EIDASAuthnResponse();
+ response.setPersonalAttributeList(resultingAttributeList);
+ response.setIssuer("http://localhost:12344/moa-id-auth/eidas/metadata");
+ response.setAssuranceLevel(authData.getEIDASQAALevel());
+
+ String token = null;
+ try {
+ EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
+ // check if we have the destination available, supply it if not
+ if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
+ String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
+ new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()),
+ engine,
+ eidasRequest.getEidasRequest());
+ eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+ }
+
+ response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
+
+
+ token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
+ } catch(Exception e) {
+ e.printStackTrace();
+ }
+
+ // send the response
+ try {
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+ VelocityContext context = new VelocityContext();
+
+ context.put("SAMLResponse", token);
+ Logger.debug("SAMLResponse original: " + token);
+
+ Logger.debug("Putting assertion consumer url as action: " + eidasRequest.getEidasRequest().getAssertionConsumerServiceURL());
+ context.put("action", eidasRequest.getEidasRequest().getAssertionConsumerServiceURL());
+ Logger.trace("Starting template merge");
+ StringWriter writer = new StringWriter();
+
+ Logger.trace("Doing template merge");
+ template.merge(context, writer);
+ Logger.trace("Template merge done");
+
+ Logger.trace("Sending html content: " + writer.getBuffer().toString());
+ Logger.trace("Sending html content2 : " + new String(writer.getBuffer()));
+
+ httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+
+ } catch (Exception e) {
+ Logger.error("Velocity error: " + e.getMessage());
+ }
+
return null;
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 6f9a04e28..0bedf0432 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -4,10 +4,11 @@ import java.util.List;
import org.opensaml.saml2.core.Attribute;
+import eu.eidas.auth.commons.EIDASAuthnRequest;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
-public class EIDASRequest extends RequestImpl {
+public class EIDASData extends RequestImpl {
/** The Constant serialVersionUID. */
private static final long serialVersionUID = 8765755670214923910L;
@@ -15,9 +16,69 @@ public class EIDASRequest extends RequestImpl {
/** The attributes requested by the eIDaS. */
private MOAPersonalAttributeList attributes;
+ /** The incoming eIDaS SAML2 AuthnRequest. */
+ private EIDASAuthnRequest authnRequest;
+
+ /** The ip address of the requester. */
+ private String remoteIPAddress;
+
@Override
public List<Attribute> getRequestedAttributes() {
// TODO Auto-generated method stub
return null;
}
+
+ /**
+ * Gets the eidas requested attributes.
+ *
+ * @return the requested attributes
+ */
+ public MOAPersonalAttributeList getEidasRequestedAttributes() {
+ return (MOAPersonalAttributeList) attributes.clone();
+ }
+
+ /**
+ * Sets the eidas requested attributes.
+ *
+ * @param personalAttributeList the requested attributes
+ */
+ public void setEidasRequestedAttributes(MOAPersonalAttributeList personalAttributeList) {
+ attributes = personalAttributeList;
+ }
+
+ /**
+ * Gets the eidas request.
+ *
+ * @return the eidas request
+ */
+ public EIDASAuthnRequest getEidasRequest() {
+ return authnRequest;
+ }
+
+ /**
+ * Sets the eidas request.
+ *
+ * @param request the new eidas request
+ */
+ public void setEidasRequest(EIDASAuthnRequest request) {
+ authnRequest = request;
+ }
+
+ /**
+ * Gets the remote address.
+ *
+ * @return the remote address
+ */
+ public String getRemoteAddress() {
+ return remoteIPAddress;
+ }
+
+ /**
+ * Sets the remote address.
+ *
+ * @param remoteIP the new remote address
+ */
+ public void setRemoteAddress(String remoteIP) {
+ remoteIPAddress = remoteIP;
+ }
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 3e2122315..a94e136b4 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.eidas;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -101,12 +102,23 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
// memorize important stuff
- EIDASRequest result = new EIDASRequest();
+ EIDASData result = new EIDASData();
+
+ // - memorize remote ip
+ result.setRemoteAddress(request.getRemoteAddr());
+
+ // - memorize country code of target country
+ result.setTarget(samlReq.getCountry());
+
// - memorize requested attributes
- // TODO memorize requested attributes
+ result.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
+ // - memorize whole request
+ samlReq.setPersonalAttributeList(result.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
+ result.setEidasRequest(samlReq);
+
// - memorize OA url
- result.setOAURL("https://demo.a-sit.at/EidasNode"); // TODO use metadata url?
+ result.setOAURL(samlReq.getIssuer());
// - memorize OA config
OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(result.getOAURL());