PVP2 Mandates prof rep done

author: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> 2013-06-26 09:53:54 +0200
committer: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> 2013-06-26 09:53:54 +0200
commit: 36fccc971da91b5bfa0eb2adbee2c086e2ac3862 (patch)
tree: 1836fe6906822a0ebe03b7e0b03a294179f8ae05 /id/server
parent: c7f3a798a9d220e39a8d8ac7b0c1dc159094a110 (diff)
download: moa-id-spss-36fccc971da91b5bfa0eb2adbee2c086e2ac3862.tar.gz
moa-id-spss-36fccc971da91b5bfa0eb2adbee2c086e2ac3862.tar.bz2
moa-id-spss-36fccc971da91b5bfa0eb2adbee2c086e2ac3862.zip
11 files changed, 185 insertions, 35 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
index e9d802e17..1d51d91f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -7,6 +7,7 @@ import org.apache.velocity.app.VelocityEngine;
 import org.apache.velocity.runtime.RuntimeConstants;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder;
 import org.opensaml.saml2.core.RequestAbstractType;
 import org.opensaml.saml2.core.StatusResponseType;
@@ -61,11 +62,10 @@ public class ArtifactBinding implements IDecoder, IEncoder {
 			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 			SingleSignOnService service = new SingleSignOnServiceBuilder()
 					.buildObject();
-			service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact");
+			service.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
 			service.setLocation(targetLocation);
 			context.setOutboundSAMLMessageSigningCredential(credentials);
 			context.setPeerEntityEndpoint(service);
-			// context.setOutboundMessage(authReq);
 			context.setOutboundSAMLMessage(response);
 			context.setOutboundMessageTransport(responseAdapter);
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 0820b5d4f..04ec3eaee 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -73,12 +73,7 @@ public class SoapBinding implements IDecoder, IEncoder {
 			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
 					resp, true);
 			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder()
-					.buildObject();
-			service.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
-			service.setLocation(targetLocation);
 			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setPeerEntityEndpoint(service);
 			context.setOutboundSAMLMessage(response);
 			context.setOutboundMessageTransport(responseAdapter);
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 8bdfe3e5d..1962d1c7b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -15,6 +15,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNat
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateFullMandateAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
@@ -63,6 +64,7 @@ public class PVPAttributeBuilder {
 		addBuilder(new MandateProfRepOIDAttributeBuilder());
 		addBuilder(new MandateProfRepDescAttributeBuilder());
 		addBuilder(new MandateReferenceValueAttributeBuilder());
+		addBuilder(new MandateFullMandateAttributeBuilder());
 	}
 
 	public static Attribute buildAttribute(String name,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
new file mode 100644
index 000000000..9e51f97ae
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.io.IOException;
+
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+public class MandateFullMandateAttributeBuilder extends BaseAttributeBuilder {
+
+	public String getName() {
+		return MANDATE_FULL_MANDATE_NAME;
+	}
+
+	public Attribute build(AuthenticationSession authSession)
+			throws PVP2Exception {
+		if (authSession.getUseMandate()) {
+			if (authSession.getMandate() != null) {
+				String fullMandate;
+				try {
+					fullMandate = DOMUtils.serializeNode(authSession
+							.getMandate());
+					return buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+							MANDATE_FULL_MANDATE_NAME, fullMandate);
+				} catch (TransformerException e) {
+					Logger.error("Failed to generate Full Mandate", e);
+				} catch (IOException e) {
+					Logger.error("Failed to generate Full Mandate", e);
+				}
+			}
+		}
+		return null;
+
+	}
+
+	public Attribute buildEmpty() {
+		return buildemptyAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+				MANDATE_FULL_MANDATE_NAME);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
index 8588b6424..6a066874a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -3,11 +3,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
 import org.opensaml.saml2.core.Attribute;
 import org.w3c.dom.Element;
 
-import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
 
 public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder {
 
@@ -21,14 +21,17 @@ public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder {
 			if(mandate == null) {
 				throw new NoMandateDataAvailableException();
 			}
-			Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-			if(mandateObject == null) {
-				throw new NoMandateDataAvailableException();
+			
+			String text = AttributeExtractor.extractSAMLAttributeOA(
+					ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION,  
+					authSession);
+			
+			if(text == null) {
+				return null;
 			}
 			
-			//TODO: extract PROF REP DESCRIPTION
 			return buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, 
-					MANDATE_PROF_REP_DESC_NAME, "TODO");
+					MANDATE_PROF_REP_DESC_NAME, text);
 			
 		}
 		return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index 9f655761b..ddc7f6671 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -3,11 +3,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
 import org.opensaml.saml2.core.Attribute;
 import org.w3c.dom.Element;
 
-import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
 
 public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder {
 
@@ -21,14 +21,17 @@ public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder {
 			if(mandate == null) {
 				throw new NoMandateDataAvailableException();
 			}
-			Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-			if(mandateObject == null) {
-				throw new NoMandateDataAvailableException();
+			
+			String oid = AttributeExtractor.extractSAMLAttributeOA(
+					ParepValidator.EXT_SAML_MANDATE_OID,  
+					authSession);
+			
+			if(oid == null) {
+				return null;
 			}
 			
-			//TODO: extract PROF REP OID
 			return buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, 
-					MANDATE_PROF_REP_OID_NAME, "TODO");
+					MANDATE_PROF_REP_OID_NAME, oid);
 			
 		}
 		return null;
@@ -40,3 +43,4 @@ public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder {
 				MANDATE_PROF_REP_OID_NAME);
 	}
 }
+ 
+\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
new file mode 100644
index 000000000..61c41d82b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class RequestDeniedException extends PVP2Exception {
+
+	public RequestDeniedException() {
+		super("pvp2.14", null);
+		this.statusCodeValue = StatusCode.REQUEST_DENIED_URI;
+	}
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 4415896615794730553L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
index 3d2bd33b0..c18296383 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
@@ -8,9 +8,13 @@ import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry
 import org.opensaml.saml2.core.ArtifactResolve;
 import org.opensaml.saml2.core.ArtifactResponse;
 
+import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
 
 public class ArtifactResolution implements IRequestHandler {
 
@@ -19,24 +23,33 @@ public class ArtifactResolution implements IRequestHandler {
 	}
 
 	public void process(MOARequest obj, HttpServletRequest req,
-			HttpServletResponse resp) {
-		if(!handleObject(obj)) {
-			// TODO: throw exception
-			return;
+			HttpServletResponse resp) throws MOAIDException {
+		if (!handleObject(obj)) {
+			throw new MOAIDException("pvp2.13", null);
 		}
-		
-		ArtifactResolve artifactResolve = (ArtifactResolve)obj.getSamlRequest();
+
+		ArtifactResolve artifactResolve = (ArtifactResolve) obj
+				.getSamlRequest();
 		String artifactID = artifactResolve.getArtifact().getArtifact();
-		
+
 		PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance();
-		if(!pvpAssertion.contains(artifactID)) {
-			// TODO: send not found ...
+
+		if (!pvpAssertion.contains(artifactID)) {
+			throw new RequestDeniedException();
 		} else {
-			SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID);
-			ArtifactResponse response = SAML2Utils.createSAMLObject(ArtifactResponse.class);
-			response.setMessage(assertion.getSamlMessage());
-			response.setIssueInstant(new DateTime());
+			try {
+				SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID);
+				ArtifactResponse response = SAML2Utils
+						.createSAMLObject(ArtifactResponse.class);
+				response.setMessage(assertion.getSamlMessage());
+				response.setIssueInstant(new DateTime());
+				SoapBinding encoder = new SoapBinding();
+				encoder.encodeRespone(req, resp, response, null);
+			} catch (Exception e) {
+				Logger.error("Failed to resolve artifact", e);
+			}
 		}
+
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index 29c960dd6..9121f7558 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -27,6 +27,7 @@ public class RequestManager {
 	private RequestManager() {
 		handler = new ArrayList<IRequestHandler>();
 		handler.add(new AuthnRequestHandler());
+		handler.add(new ArtifactResolution());
 	}
 	
 	public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp) 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
new file mode 100644
index 000000000..a59fc17c5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
@@ -0,0 +1,66 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.Iterator;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+
+public class AttributeExtractor {
+	
+	public static String extractSAMLAttributeOA(String name, 
+			AuthenticationSession authSession) {
+		List extAttributes = authSession.getExtendedSAMLAttributesOA();
+		if(extAttributes == null) {
+			return null;
+		}
+		Iterator extAttributesIt = extAttributes.iterator();
+		String value = null;
+		while(extAttributesIt.hasNext()) {
+			Object attr = extAttributesIt.next();
+			if(attr instanceof ExtendedSAMLAttribute) {
+				ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
+				if(extAttribute.getName().equals(name)) {
+					if(extAttribute.getValue() instanceof String) {
+						return extAttribute.getValue().toString();
+					}
+					break;
+				}
+			}
+		}
+		return null;
+	}
+	
+	public static String extractSAMLAttributeAUTH(String name, 
+			AuthenticationSession authSession) {
+		List extAttributes = authSession.getExtendedSAMLAttributesAUTH();
+		if(extAttributes == null) {
+			return null;
+		}
+		Iterator extAttributesIt = extAttributes.iterator();
+		String value = null;
+		while(extAttributesIt.hasNext()) {
+			Object attr = extAttributesIt.next();
+			if(attr instanceof ExtendedSAMLAttribute) {
+				ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
+				if(extAttribute.getName().equals(name)) {
+					if(extAttribute.getValue() instanceof String) {
+						return extAttribute.getValue().toString();
+					}
+					break;
+				}
+			}
+		}
+		return null;
+	}
+	
+	public static String extractSAMLAttributeBOTH(String name, 
+			AuthenticationSession authSession) {
+		String value = extractSAMLAttributeOA(name, authSession);
+		if(value == null) {
+			value = extractSAMLAttributeAUTH(name, authSession);
+		}
+		return value;
+	}
+}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index aa0418e77..369cbd5b6 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -199,4 +199,5 @@ pvp2.09=SAML Anfrage wird nicht unterstuetzt
 pvp2.10=Attribut {0} nicht verfuegbar
 pvp2.11=Binding {0} wird nicht unterstuetzt
 pvp2.12=NameID Format {0} wird nicht unterstuetzt
-pvp2.13=Interner Server Fehler
-\ No newline at end of file
+pvp2.13=Interner Server Fehler
+pvp2.14=SAML Anfrage verweigert
+\ No newline at end of file
author	Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>	2013-06-26 09:53:54 +0200
committer	Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>	2013-06-26 09:53:54 +0200
commit	36fccc971da91b5bfa0eb2adbee2c086e2ac3862 (patch)
tree	1836fe6906822a0ebe03b7e0b03a294179f8ae05 /id/server
parent	c7f3a798a9d220e39a8d8ac7b0c1dc159094a110 (diff)
download	moa-id-spss-36fccc971da91b5bfa0eb2adbee2c086e2ac3862.tar.gz moa-id-spss-36fccc971da91b5bfa0eb2adbee2c086e2ac3862.tar.bz2 moa-id-spss-36fccc971da91b5bfa0eb2adbee2c086e2ac3862.zip