diff options
author | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-03-03 14:03:38 +0100 |
---|---|---|
committer | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-03-03 14:03:38 +0100 |
commit | 142bf6e5c229aa523e5c1363716d011df6d6af93 (patch) | |
tree | 21f0d8faedc73799f921ea3de56e5c116c22177d /id/server | |
parent | 7767c1c7fe237ec729d98d66577f8a247c622d85 (diff) | |
download | moa-id-spss-142bf6e5c229aa523e5c1363716d011df6d6af93.tar.gz moa-id-spss-142bf6e5c229aa523e5c1363716d011df6d6af93.tar.bz2 moa-id-spss-142bf6e5c229aa523e5c1363716d011df6d6af93.zip |
attr supporT
Diffstat (limited to 'id/server')
-rw-r--r-- | id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml | 17 | ||||
-rw-r--r-- | id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml | 12 | ||||
-rw-r--r-- | id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml | 93 | ||||
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 95 | ||||
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java | 10 | ||||
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java) | 46 | ||||
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java | 25 |
7 files changed, 222 insertions, 76 deletions
diff --git a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml index 75245d8f0..166a48ff8 100644 --- a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml +++ b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml @@ -33,6 +33,23 @@ </configuration> </instance> + + <instance name="incoming_attr"> + <!-- Configurations parameters StorkSamlEngine --> + <configuration name="SamlEngineConf"> + <parameter name="fileConfiguration" value="StorkSamlEngine_incoming_attr.xml" /> + </configuration> + + <!-- Settings module signature--> + <configuration name="SignatureConf"> + <!-- Specific signature module --> + <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" /> + <!-- Settings specific module --> + <parameter name="fileConfiguration" value="SignModule_incoming_attr.xml" /> + </configuration> + </instance> + + <instance name="VIDP"> <!-- Configurations parameters StorkSamlEngine --> <configuration name="SamlEngineConf"> diff --git a/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml b/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml new file mode 100644 index 000000000..68b15e667 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/stork/SignModule_incoming_attr.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> + +<properties> + <comment>SWModule sign with JKS.</comment> + <entry key="keystorePath">/home/stork/repos/moa-idspss/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks</entry> + <entry key="keyStorePassword">local-demo</entry> + <entry key="keyPassword">local-demo</entry> + <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry> + <entry key="serialNumber">4BA89DB2</entry> + <entry key="keystoreType">JKS</entry> +</properties> diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml new file mode 100644 index 000000000..fb786529a --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml @@ -0,0 +1,93 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> + +<properties> + <comment>SAML constants for AuthnRequests and Responses.</comment> + + <!-- + Types of consent obtained from the user for this authentication and + data transfer. + Allow values: 'unspecified'. + --> + <entry key="consentAuthnRequest">unspecified</entry> + + <!-- + Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'. + --> + <entry key="consentAuthnResponse">obtained</entry> + + <!--URI representing the classification of the identifier + Allow values: 'entity'. + --> + <entry key="formatEntity">entity</entry> + + <!--Only HTTP-POST binding is only supported for inter PEPS--> + <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP--> + <entry key="protocolBinding">HTTP-POST</entry> + + + + + <!--URI representing the classification of the identifier + Allow values: 'entity'. + <entry key="eIDSectorShare">true</entry> + <entry key="eIDCrossSectorShare">true</entry> + <entry key="eIDCrossBorderShare">true</entry> + --> + + + + <!-- A friendly name for the attribute that can be displayed to a user --> + <entry key="friendlyName">false</entry> + + <!-- A friendly name for the attribute that can be displayed to a user --> + <entry key="isRequired">true</entry> + + <!--PEPS in the Service Provider's country--> + <entry key="requester">http://S-PEPS.gov.xx</entry> + + <!--PEPS in the citizen's origin country--> + <entry key="responder">http://C-PEPS.gov.xx</entry> + + <!--Subject cannot be confirmed on or after this seconds time (positive number)--> + <entry key="timeNotOnOrAfter">300</entry> + + <!--Validation IP of the response--> + <entry key="ipAddrValidation">false</entry> + + + <!--Subject Attribute Definitions--> + <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry> + <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry> + <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry> + <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry> + <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry> + <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry> + <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry> + <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry> + <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry> + <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry> + <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry> + <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry> + <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry> + <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry> + <entry key="age">http://www.stork.gov.eu/1.0/age</entry> + <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry> + + <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry> + <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry> + + <entry key="title">http://www.stork.gov.eu/1.0/title</entry> + <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry> + + <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry> + <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry> + + <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry> + <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry> + <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry> + <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry> + <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry> + <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry> + +</properties> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index e10c4d9d9..91326a51d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -3,91 +3,77 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; -import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; -import edu.emory.mathcs.backport.java.util.Collections; -import eu.stork.peps.auth.commons.*; -import eu.stork.peps.auth.engine.STORKSAMLEngine; -import eu.stork.peps.exceptions.STORKSAMLEngineException; -import org.apache.commons.io.IOUtils; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAuthnResponse; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; -import org.opensaml.xml.util.Base64; -import org.opensaml.xml.util.XMLHelper; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import java.io.*; -import java.util.HashMap; -import eu.stork.peps.auth.engine.SAMLEngine; import org.w3c.dom.Element; import org.w3c.dom.NamedNodeMap; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + /** + * Second request step - after authentication of the user is done and moasession obtained, + * process request and forward the user further to PEPS and/or other entities + * * @author bsuzic - * Date: 12/3/13, Time: 2:08 PM */ public class AuthenticationRequest implements IAction { - /* - Second request step - after authentication of the user is done and moasession obtained, - process request and forward the user further to PEPS and/or other entities - */ private VelocityEngine velocityEngine; private AuthenticationSession moaSession; - private MOASTORKAuthnRequest moaStorkAuthnRequest; + private MOASTORKRequest moaStorkRequest; public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { this.moaSession = moasession; - this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req; - - try { - MISMandate mandate = moasession.getMISMandate(); - String owbpk = mandate.getOWbPK(); - byte[] mand = mandate.getMandate(); - String profprep = mandate.getProfRep(); - //String textdesc = mandate.getTextualDescriptionOfOID(); - Element mndt = moasession.getMandate(); + this.moaStorkRequest = (MOASTORKRequest) req; + + if (moasession.getUseMandate()) { + try { + MISMandate mandate = moasession.getMISMandate(); + String owbpk = mandate.getOWbPK(); + byte[] mand = mandate.getMandate(); + String profprep = mandate.getProfRep(); + //String textdesc = mandate.getTextualDescriptionOfOID(); + Element mndt = moasession.getMandate(); + + iterate(mndt.getAttributes()); + Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); + } catch (Exception x) { + Logger.debug("There is no mandate used in transaction"); + } + } - iterate(mndt.getAttributes()); - Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); - } catch (Exception x) {} Logger.debug("Starting AuthenticationRequest"); - //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); - Logger.debug("Http Response: " + httpResp.toString() + ", "); - Logger.debug("Remote user: " + httpReq.getRemoteAddr()); - Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget()); httpResp.reset(); STORKAuthnResponse authnResponse = new STORKAuthnResponse(); - authnResponse.setCountry(((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getSpCountry()); - + authnResponse.setCountry(((MOASTORKRequest) req).getStorkAuthnRequest().getSpCountry()); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); // Prepare basic AT attributes try { - IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); + IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); @@ -114,13 +100,13 @@ public class AuthenticationRequest implements IAction { DataContainer container = new DataContainer(); // - fill in the request we extracted above - container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest()); - + container.setRequest(((MOASTORKRequest) req).getStorkAuthnRequest()); + // - fill in the partial response created above container.setResponse(authnResponse); - + // - memorize the target url were we have to return the result - container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + container.setTarget(((MOASTORKRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); container.setRemoteAddress(httpReq.getRemoteAddr()); @@ -141,24 +127,25 @@ public class AuthenticationRequest implements IAction { Logger.debug("--Attribute: " + attributesList.item(j).getNodeName() + " = " + attributesList.item(j).getNodeValue()); - } } + } + } public PersonalAttributeList populateAttributes() { - IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList(); - Logger.info("Found " + attrLst.size() + " personal attributes in the request." ); + IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList(); + Logger.info("Found " + attrLst.size() + " personal attributes in the request."); // Define attribute list to be populated PersonalAttributeList attributeList = new PersonalAttributeList(); - MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkAuthnRequest); + MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest); try { for (PersonalAttribute personalAttribute : attrLst) { Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired()); moaAttributeProvider.populateAttribute(attributeList, personalAttribute); } - } catch (Exception e) { + } catch (Exception e) { Logger.error("Exception, attributes: " + e.getMessage()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index 190a0d27c..d89fb8cb2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -22,7 +22,7 @@ public class MOAAttributeProvider { private final IdentityLink identityLink; private static final Map<String, String> storkAttributeSimpleMapping; private static final Map<String, String> storkAttributeFunctionMapping; - private final MOASTORKAuthnRequest moastorkAuthnRequest; + private final MOASTORKRequest moastorkRequest; static { Map<String, String> tempSimpleMap = new HashMap<String, String>(); @@ -35,9 +35,9 @@ public class MOAAttributeProvider { storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap); } - public MOAAttributeProvider(IdentityLink identityLink, MOASTORKAuthnRequest moastorkAuthnRequest) { + public MOAAttributeProvider(IdentityLink identityLink, MOASTORKRequest moastorkRequest) { this.identityLink = identityLink; - this.moastorkAuthnRequest = moastorkAuthnRequest; + this.moastorkRequest = moastorkRequest; Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue()); } @@ -70,9 +70,9 @@ public class MOAAttributeProvider { } private String geteIdentifier() { - Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry()); + Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry()); try { - return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry()); + return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkRequest.getStorkAuthnRequest().getSpCountry()); } catch (BuildException be) { Logger.error("Stork eid could not be constructed; " + be.getMessage()); return null; // TODO error diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index cee64e16e..8c7fd8706 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -1,52 +1,76 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.moduls.IRequest; +import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.commons.STORKAuthnRequest; -import org.opensaml.common.xml.SAMLConstants; /** + * Implements MOA request and stores StorkAuthnRequest related data + * * @author bsuzic - * Date: 12/4/13, Time: 6:31 PM */ -public class MOASTORKAuthnRequest implements IRequest { +public class MOASTORKRequest implements IRequest { private String requestID; private String target = null; String module = null; String action = null; private STORKAuthnRequest storkAuthnRequest; + private STORKAttrQueryRequest storkAttrQueryRequest; + private boolean isAttrRequest = false; + private boolean isAuthnRequest = false; public void setSTORKAuthnRequest(STORKAuthnRequest request) { this.storkAuthnRequest = request; + if (request != null) { + isAuthnRequest = true; + } } + public void setSTORKAttrRequest(STORKAttrQueryRequest request) { + this.storkAttrQueryRequest = request; + if (request != null) { + isAttrRequest = true; + } + + } + + public boolean isAttrRequest() { + return this.isAttrRequest; + } + + public boolean isAuthnRequest() { + return this.isAuthnRequest; + } + + public STORKAuthnRequest getStorkAuthnRequest() { return this.storkAuthnRequest; } public String getOAURL() { - return "https://sp:8889/SP"; // + return storkAuthnRequest.getAssertionConsumerServiceURL(); } public boolean isPassiv() { - return false; // + return false; } public boolean forceAuth() { - return false; // + return false; } public boolean isSSOSupported() { - return false; // + return false; } public String requestedModule() { - return this.module; // + return this.module; } public String requestedAction() { - return action; // + return action; } public void setModule(String module) { @@ -58,7 +82,7 @@ public class MOASTORKAuthnRequest implements IRequest { } public String getTarget() { - return this.target; // + return this.target; } public void setRequestID(String id) { @@ -66,6 +90,6 @@ public class MOASTORKAuthnRequest implements IRequest { } public String getRequestID() { - return this.requestID; // + return this.requestID; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 042d61080..28a516d2a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -5,13 +5,12 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.ws.transport.http.HTTPInTransport; import org.opensaml.ws.transport.http.HTTPOutTransport; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; @@ -20,7 +19,6 @@ import eu.stork.peps.auth.commons.STORKAuthnRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import java.util.Collections; import java.util.HashMap; /** @@ -81,6 +79,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); samlMessageContext.setInboundMessageTransport(profileReq); +/* HTTPPostDecoder postDecoder = new HTTPPostDecoder(); postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator @@ -90,8 +89,9 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { } catch (Exception e) { Logger.error("Error decoding STORKAuthnRequest", e); } +*/ - MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest(); + MOASTORKRequest STORK2Request = new MOASTORKRequest(); //extract STORK Response from HTTP Request @@ -99,7 +99,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { try { decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest")); } catch(NullPointerException e) { - Logger.error("Unable to retrieve STORK Response", e); + Logger.error("Unable to retrieve STORK Request", e); throw new MOAIDException("stork.04", null); } @@ -107,13 +107,26 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); STORKAuthnRequest authnRequest = null; + STORKAttrQueryRequest attrRequest = null; + // check if valid authn request is contained try { authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() ); } + + // check if a valid attr request is container + try { + attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken); + } catch (STORKSAMLEngineException ex) { + Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() ); + } + + + + Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL()); Logger.error("cc " + authnRequest.getCitizenCountryCode()); Logger.error("iss " + authnRequest.getIssuer()); @@ -121,7 +134,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.error("spi " + authnRequest.getSpInstitution()); STORK2Request.setSTORKAuthnRequest(authnRequest); - + STORK2Request.setSTORKAttrRequest(attrRequest); return STORK2Request; } |