aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
authorBojan Suzic <bojan.suzic@iaik.tugraz.at>2014-03-03 14:03:38 +0100
committerBojan Suzic <bojan.suzic@iaik.tugraz.at>2014-03-03 14:03:38 +0100
commit142bf6e5c229aa523e5c1363716d011df6d6af93 (patch)
tree21f0d8faedc73799f921ea3de56e5c116c22177d /id/server
parent7767c1c7fe237ec729d98d66577f8a247c622d85 (diff)
downloadmoa-id-spss-142bf6e5c229aa523e5c1363716d011df6d6af93.tar.gz
moa-id-spss-142bf6e5c229aa523e5c1363716d011df6d6af93.tar.bz2
moa-id-spss-142bf6e5c229aa523e5c1363716d011df6d6af93.zip
attr supporT
Diffstat (limited to 'id/server')
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml17
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml12
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml93
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java95
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java)46
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java25
7 files changed, 222 insertions, 76 deletions
diff --git a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
index 75245d8f0..166a48ff8 100644
--- a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
@@ -33,6 +33,23 @@
</configuration>
</instance>
+
+ <instance name="incoming_attr">
+ <!-- Configurations parameters StorkSamlEngine -->
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_incoming_attr.xml" />
+ </configuration>
+
+ <!-- Settings module signature-->
+ <configuration name="SignatureConf">
+ <!-- Specific signature module -->
+ <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+ <!-- Settings specific module -->
+ <parameter name="fileConfiguration" value="SignModule_incoming_attr.xml" />
+ </configuration>
+ </instance>
+
+
<instance name="VIDP">
<!-- Configurations parameters StorkSamlEngine -->
<configuration name="SamlEngineConf">
diff --git a/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml b/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml
new file mode 100644
index 000000000..68b15e667
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+ <comment>SWModule sign with JKS.</comment>
+ <entry key="keystorePath">/home/stork/repos/moa-idspss/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks</entry>
+ <entry key="keyStorePassword">local-demo</entry>
+ <entry key="keyPassword">local-demo</entry>
+ <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+ <entry key="serialNumber">4BA89DB2</entry>
+ <entry key="keystoreType">JKS</entry>
+</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
new file mode 100644
index 000000000..fb786529a
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+ <comment>SAML constants for AuthnRequests and Responses.</comment>
+
+ <!--
+ Types of consent obtained from the user for this authentication and
+ data transfer.
+ Allow values: 'unspecified'.
+ -->
+ <entry key="consentAuthnRequest">unspecified</entry>
+
+ <!--
+ Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
+ -->
+ <entry key="consentAuthnResponse">obtained</entry>
+
+ <!--URI representing the classification of the identifier
+ Allow values: 'entity'.
+ -->
+ <entry key="formatEntity">entity</entry>
+
+ <!--Only HTTP-POST binding is only supported for inter PEPS-->
+ <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
+ <entry key="protocolBinding">HTTP-POST</entry>
+
+
+
+
+ <!--URI representing the classification of the identifier
+ Allow values: 'entity'.
+ <entry key="eIDSectorShare">true</entry>
+ <entry key="eIDCrossSectorShare">true</entry>
+ <entry key="eIDCrossBorderShare">true</entry>
+ -->
+
+
+
+ <!-- A friendly name for the attribute that can be displayed to a user -->
+ <entry key="friendlyName">false</entry>
+
+ <!-- A friendly name for the attribute that can be displayed to a user -->
+ <entry key="isRequired">true</entry>
+
+ <!--PEPS in the Service Provider's country-->
+ <entry key="requester">http://S-PEPS.gov.xx</entry>
+
+ <!--PEPS in the citizen's origin country-->
+ <entry key="responder">http://C-PEPS.gov.xx</entry>
+
+ <!--Subject cannot be confirmed on or after this seconds time (positive number)-->
+ <entry key="timeNotOnOrAfter">300</entry>
+
+ <!--Validation IP of the response-->
+ <entry key="ipAddrValidation">false</entry>
+
+
+ <!--Subject Attribute Definitions-->
+ <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
+ <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
+ <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
+ <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
+ <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
+ <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
+ <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
+ <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
+ <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
+ <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
+ <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
+ <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
+ <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
+ <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
+ <entry key="age">http://www.stork.gov.eu/1.0/age</entry>
+ <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
+
+ <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
+ <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
+
+ <entry key="title">http://www.stork.gov.eu/1.0/title</entry>
+ <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
+
+ <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
+ <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
+
+ <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
+ <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
+ <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
+ <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
+ <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
+ <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
+
+</properties>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index e10c4d9d9..91326a51d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -3,91 +3,77 @@ package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
-import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
-import edu.emory.mathcs.backport.java.util.Collections;
-import eu.stork.peps.auth.commons.*;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import org.apache.commons.io.IOUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
-import org.opensaml.xml.util.Base64;
-import org.opensaml.xml.util.XMLHelper;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.*;
-import java.util.HashMap;
-import eu.stork.peps.auth.engine.SAMLEngine;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
/**
+ * Second request step - after authentication of the user is done and moasession obtained,
+ * process request and forward the user further to PEPS and/or other entities
+ *
* @author bsuzic
- * Date: 12/3/13, Time: 2:08 PM
*/
public class AuthenticationRequest implements IAction {
- /*
- Second request step - after authentication of the user is done and moasession obtained,
- process request and forward the user further to PEPS and/or other entities
- */
private VelocityEngine velocityEngine;
private AuthenticationSession moaSession;
- private MOASTORKAuthnRequest moaStorkAuthnRequest;
+ private MOASTORKRequest moaStorkRequest;
public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
this.moaSession = moasession;
- this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req;
-
- try {
- MISMandate mandate = moasession.getMISMandate();
- String owbpk = mandate.getOWbPK();
- byte[] mand = mandate.getMandate();
- String profprep = mandate.getProfRep();
- //String textdesc = mandate.getTextualDescriptionOfOID();
- Element mndt = moasession.getMandate();
+ this.moaStorkRequest = (MOASTORKRequest) req;
+
+ if (moasession.getUseMandate()) {
+ try {
+ MISMandate mandate = moasession.getMISMandate();
+ String owbpk = mandate.getOWbPK();
+ byte[] mand = mandate.getMandate();
+ String profprep = mandate.getProfRep();
+ //String textdesc = mandate.getTextualDescriptionOfOID();
+ Element mndt = moasession.getMandate();
+
+ iterate(mndt.getAttributes());
+ Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
+ } catch (Exception x) {
+ Logger.debug("There is no mandate used in transaction");
+ }
+ }
- iterate(mndt.getAttributes());
- Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
- } catch (Exception x) {}
Logger.debug("Starting AuthenticationRequest");
- //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession);
- Logger.debug("Http Response: " + httpResp.toString() + ", ");
- Logger.debug("Remote user: " + httpReq.getRemoteAddr());
- Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget());
httpResp.reset();
STORKAuthnResponse authnResponse = new STORKAuthnResponse();
- authnResponse.setCountry(((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getSpCountry());
-
+ authnResponse.setCountry(((MOASTORKRequest) req).getStorkAuthnRequest().getSpCountry());
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() });
+ throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
// Prepare basic AT attributes
try {
- IPersonalAttributeList moaAttrList = moasession.getStorkAttributes();
+ IPersonalAttributeList moaAttrList = moasession.getStorkAttributes();
Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size());
@@ -114,13 +100,13 @@ public class AuthenticationRequest implements IAction {
DataContainer container = new DataContainer();
// - fill in the request we extracted above
- container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest());
-
+ container.setRequest(((MOASTORKRequest) req).getStorkAuthnRequest());
+
// - fill in the partial response created above
container.setResponse(authnResponse);
-
+
// - memorize the target url were we have to return the result
- container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
+ container.setTarget(((MOASTORKRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
container.setRemoteAddress(httpReq.getRemoteAddr());
@@ -141,24 +127,25 @@ public class AuthenticationRequest implements IAction {
Logger.debug("--Attribute: "
+ attributesList.item(j).getNodeName() + " = "
+ attributesList.item(j).getNodeValue());
- } }
+ }
+ }
public PersonalAttributeList populateAttributes() {
- IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList();
- Logger.info("Found " + attrLst.size() + " personal attributes in the request." );
+ IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList();
+ Logger.info("Found " + attrLst.size() + " personal attributes in the request.");
// Define attribute list to be populated
PersonalAttributeList attributeList = new PersonalAttributeList();
- MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkAuthnRequest);
+ MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest);
try {
for (PersonalAttribute personalAttribute : attrLst) {
Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());
moaAttributeProvider.populateAttribute(attributeList, personalAttribute);
}
- } catch (Exception e) {
+ } catch (Exception e) {
Logger.error("Exception, attributes: " + e.getMessage());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 190a0d27c..d89fb8cb2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -22,7 +22,7 @@ public class MOAAttributeProvider {
private final IdentityLink identityLink;
private static final Map<String, String> storkAttributeSimpleMapping;
private static final Map<String, String> storkAttributeFunctionMapping;
- private final MOASTORKAuthnRequest moastorkAuthnRequest;
+ private final MOASTORKRequest moastorkRequest;
static {
Map<String, String> tempSimpleMap = new HashMap<String, String>();
@@ -35,9 +35,9 @@ public class MOAAttributeProvider {
storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap);
}
- public MOAAttributeProvider(IdentityLink identityLink, MOASTORKAuthnRequest moastorkAuthnRequest) {
+ public MOAAttributeProvider(IdentityLink identityLink, MOASTORKRequest moastorkRequest) {
this.identityLink = identityLink;
- this.moastorkAuthnRequest = moastorkAuthnRequest;
+ this.moastorkRequest = moastorkRequest;
Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue());
}
@@ -70,9 +70,9 @@ public class MOAAttributeProvider {
}
private String geteIdentifier() {
- Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry());
+ Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry());
try {
- return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry());
+ return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkRequest.getStorkAuthnRequest().getSpCountry());
} catch (BuildException be) {
Logger.error("Stork eid could not be constructed; " + be.getMessage());
return null; // TODO error
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index cee64e16e..8c7fd8706 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -1,52 +1,76 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import org.opensaml.common.xml.SAMLConstants;
/**
+ * Implements MOA request and stores StorkAuthnRequest related data
+ *
* @author bsuzic
- * Date: 12/4/13, Time: 6:31 PM
*/
-public class MOASTORKAuthnRequest implements IRequest {
+public class MOASTORKRequest implements IRequest {
private String requestID;
private String target = null;
String module = null;
String action = null;
private STORKAuthnRequest storkAuthnRequest;
+ private STORKAttrQueryRequest storkAttrQueryRequest;
+ private boolean isAttrRequest = false;
+ private boolean isAuthnRequest = false;
public void setSTORKAuthnRequest(STORKAuthnRequest request) {
this.storkAuthnRequest = request;
+ if (request != null) {
+ isAuthnRequest = true;
+ }
}
+ public void setSTORKAttrRequest(STORKAttrQueryRequest request) {
+ this.storkAttrQueryRequest = request;
+ if (request != null) {
+ isAttrRequest = true;
+ }
+
+ }
+
+ public boolean isAttrRequest() {
+ return this.isAttrRequest;
+ }
+
+ public boolean isAuthnRequest() {
+ return this.isAuthnRequest;
+ }
+
+
public STORKAuthnRequest getStorkAuthnRequest() {
return this.storkAuthnRequest;
}
public String getOAURL() {
- return "https://sp:8889/SP"; //
+ return storkAuthnRequest.getAssertionConsumerServiceURL();
}
public boolean isPassiv() {
- return false; //
+ return false;
}
public boolean forceAuth() {
- return false; //
+ return false;
}
public boolean isSSOSupported() {
- return false; //
+ return false;
}
public String requestedModule() {
- return this.module; //
+ return this.module;
}
public String requestedAction() {
- return action; //
+ return action;
}
public void setModule(String module) {
@@ -58,7 +82,7 @@ public class MOASTORKAuthnRequest implements IRequest {
}
public String getTarget() {
- return this.target; //
+ return this.target;
}
public void setRequestID(String id) {
@@ -66,6 +90,6 @@ public class MOASTORKAuthnRequest implements IRequest {
}
public String getRequestID() {
- return this.requestID; //
+ return this.requestID;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 042d61080..28a516d2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -5,13 +5,12 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.ws.transport.http.HTTPInTransport;
import org.opensaml.ws.transport.http.HTTPOutTransport;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
@@ -20,7 +19,6 @@ import eu.stork.peps.auth.commons.STORKAuthnRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.util.Collections;
import java.util.HashMap;
/**
@@ -81,6 +79,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext();
samlMessageContext.setInboundMessageTransport(profileReq);
+/*
HTTPPostDecoder postDecoder = new HTTPPostDecoder();
postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator
@@ -90,8 +89,9 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
} catch (Exception e) {
Logger.error("Error decoding STORKAuthnRequest", e);
}
+*/
- MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest();
+ MOASTORKRequest STORK2Request = new MOASTORKRequest();
//extract STORK Response from HTTP Request
@@ -99,7 +99,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
try {
decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest"));
} catch(NullPointerException e) {
- Logger.error("Unable to retrieve STORK Response", e);
+ Logger.error("Unable to retrieve STORK Request", e);
throw new MOAIDException("stork.04", null);
}
@@ -107,13 +107,26 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming");
STORKAuthnRequest authnRequest = null;
+ STORKAttrQueryRequest attrRequest = null;
+ // check if valid authn request is contained
try {
authnRequest = engine.validateSTORKAuthnRequest(decSamlToken);
} catch (STORKSAMLEngineException ex) {
Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() );
}
+
+ // check if a valid attr request is container
+ try {
+ attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken);
+ } catch (STORKSAMLEngineException ex) {
+ Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() );
+ }
+
+
+
+
Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL());
Logger.error("cc " + authnRequest.getCitizenCountryCode());
Logger.error("iss " + authnRequest.getIssuer());
@@ -121,7 +134,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
Logger.error("spi " + authnRequest.getSpInstitution());
STORK2Request.setSTORKAuthnRequest(authnRequest);
-
+ STORK2Request.setSTORKAttrRequest(attrRequest);
return STORK2Request;
}