aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-06-26 09:53:54 +0200
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-06-26 09:53:54 +0200
commit36fccc971da91b5bfa0eb2adbee2c086e2ac3862 (patch)
tree1836fe6906822a0ebe03b7e0b03a294179f8ae05 /id/server
parentc7f3a798a9d220e39a8d8ac7b0c1dc159094a110 (diff)
downloadmoa-id-spss-36fccc971da91b5bfa0eb2adbee2c086e2ac3862.tar.gz
moa-id-spss-36fccc971da91b5bfa0eb2adbee2c086e2ac3862.tar.bz2
moa-id-spss-36fccc971da91b5bfa0eb2adbee2c086e2ac3862.zip
PVP2 Mandates prof rep done
Diffstat (limited to 'id/server')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java48
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java66
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties3
11 files changed, 185 insertions, 35 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
index e9d802e17..1d51d91f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -7,6 +7,7 @@ import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;
@@ -61,11 +62,10 @@ public class ArtifactBinding implements IDecoder, IEncoder {
BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
SingleSignOnService service = new SingleSignOnServiceBuilder()
.buildObject();
- service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact");
+ service.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
service.setLocation(targetLocation);
context.setOutboundSAMLMessageSigningCredential(credentials);
context.setPeerEntityEndpoint(service);
- // context.setOutboundMessage(authReq);
context.setOutboundSAMLMessage(response);
context.setOutboundMessageTransport(responseAdapter);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 0820b5d4f..04ec3eaee 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -73,12 +73,7 @@ public class SoapBinding implements IDecoder, IEncoder {
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
resp, true);
BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- SingleSignOnService service = new SingleSignOnServiceBuilder()
- .buildObject();
- service.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
- service.setLocation(targetLocation);
context.setOutboundSAMLMessageSigningCredential(credentials);
- context.setPeerEntityEndpoint(service);
context.setOutboundSAMLMessage(response);
context.setOutboundMessageTransport(responseAdapter);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 8bdfe3e5d..1962d1c7b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -15,6 +15,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNat
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateFullMandateAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
@@ -63,6 +64,7 @@ public class PVPAttributeBuilder {
addBuilder(new MandateProfRepOIDAttributeBuilder());
addBuilder(new MandateProfRepDescAttributeBuilder());
addBuilder(new MandateReferenceValueAttributeBuilder());
+ addBuilder(new MandateFullMandateAttributeBuilder());
}
public static Attribute buildAttribute(String name,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
new file mode 100644
index 000000000..9e51f97ae
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.io.IOException;
+
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+public class MandateFullMandateAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_FULL_MANDATE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession)
+ throws PVP2Exception {
+ if (authSession.getUseMandate()) {
+ if (authSession.getMandate() != null) {
+ String fullMandate;
+ try {
+ fullMandate = DOMUtils.serializeNode(authSession
+ .getMandate());
+ return buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+ MANDATE_FULL_MANDATE_NAME, fullMandate);
+ } catch (TransformerException e) {
+ Logger.error("Failed to generate Full Mandate", e);
+ } catch (IOException e) {
+ Logger.error("Failed to generate Full Mandate", e);
+ }
+ }
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+ MANDATE_FULL_MANDATE_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
index 8588b6424..6a066874a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -3,11 +3,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import org.opensaml.saml2.core.Attribute;
import org.w3c.dom.Element;
-import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder {
@@ -21,14 +21,17 @@ public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder {
if(mandate == null) {
throw new NoMandateDataAvailableException();
}
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if(mandateObject == null) {
- throw new NoMandateDataAvailableException();
+
+ String text = AttributeExtractor.extractSAMLAttributeOA(
+ ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION,
+ authSession);
+
+ if(text == null) {
+ return null;
}
- //TODO: extract PROF REP DESCRIPTION
return buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
- MANDATE_PROF_REP_DESC_NAME, "TODO");
+ MANDATE_PROF_REP_DESC_NAME, text);
}
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index 9f655761b..ddc7f6671 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -3,11 +3,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import org.opensaml.saml2.core.Attribute;
import org.w3c.dom.Element;
-import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder {
@@ -21,14 +21,17 @@ public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder {
if(mandate == null) {
throw new NoMandateDataAvailableException();
}
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if(mandateObject == null) {
- throw new NoMandateDataAvailableException();
+
+ String oid = AttributeExtractor.extractSAMLAttributeOA(
+ ParepValidator.EXT_SAML_MANDATE_OID,
+ authSession);
+
+ if(oid == null) {
+ return null;
}
- //TODO: extract PROF REP OID
return buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME,
- MANDATE_PROF_REP_OID_NAME, "TODO");
+ MANDATE_PROF_REP_OID_NAME, oid);
}
return null;
@@ -40,3 +43,4 @@ public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder {
MANDATE_PROF_REP_OID_NAME);
}
}
+ \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
new file mode 100644
index 000000000..61c41d82b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class RequestDeniedException extends PVP2Exception {
+
+ public RequestDeniedException() {
+ super("pvp2.14", null);
+ this.statusCodeValue = StatusCode.REQUEST_DENIED_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4415896615794730553L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
index 3d2bd33b0..c18296383 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
@@ -8,9 +8,13 @@ import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry
import org.opensaml.saml2.core.ArtifactResolve;
import org.opensaml.saml2.core.ArtifactResponse;
+import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
public class ArtifactResolution implements IRequestHandler {
@@ -19,24 +23,33 @@ public class ArtifactResolution implements IRequestHandler {
}
public void process(MOARequest obj, HttpServletRequest req,
- HttpServletResponse resp) {
- if(!handleObject(obj)) {
- // TODO: throw exception
- return;
+ HttpServletResponse resp) throws MOAIDException {
+ if (!handleObject(obj)) {
+ throw new MOAIDException("pvp2.13", null);
}
-
- ArtifactResolve artifactResolve = (ArtifactResolve)obj.getSamlRequest();
+
+ ArtifactResolve artifactResolve = (ArtifactResolve) obj
+ .getSamlRequest();
String artifactID = artifactResolve.getArtifact().getArtifact();
-
+
PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance();
- if(!pvpAssertion.contains(artifactID)) {
- // TODO: send not found ...
+
+ if (!pvpAssertion.contains(artifactID)) {
+ throw new RequestDeniedException();
} else {
- SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID);
- ArtifactResponse response = SAML2Utils.createSAMLObject(ArtifactResponse.class);
- response.setMessage(assertion.getSamlMessage());
- response.setIssueInstant(new DateTime());
+ try {
+ SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID);
+ ArtifactResponse response = SAML2Utils
+ .createSAMLObject(ArtifactResponse.class);
+ response.setMessage(assertion.getSamlMessage());
+ response.setIssueInstant(new DateTime());
+ SoapBinding encoder = new SoapBinding();
+ encoder.encodeRespone(req, resp, response, null);
+ } catch (Exception e) {
+ Logger.error("Failed to resolve artifact", e);
+ }
}
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index 29c960dd6..9121f7558 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -27,6 +27,7 @@ public class RequestManager {
private RequestManager() {
handler = new ArrayList<IRequestHandler>();
handler.add(new AuthnRequestHandler());
+ handler.add(new ArtifactResolution());
}
public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
new file mode 100644
index 000000000..a59fc17c5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
@@ -0,0 +1,66 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.Iterator;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+
+public class AttributeExtractor {
+
+ public static String extractSAMLAttributeOA(String name,
+ AuthenticationSession authSession) {
+ List extAttributes = authSession.getExtendedSAMLAttributesOA();
+ if(extAttributes == null) {
+ return null;
+ }
+ Iterator extAttributesIt = extAttributes.iterator();
+ String value = null;
+ while(extAttributesIt.hasNext()) {
+ Object attr = extAttributesIt.next();
+ if(attr instanceof ExtendedSAMLAttribute) {
+ ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
+ if(extAttribute.getName().equals(name)) {
+ if(extAttribute.getValue() instanceof String) {
+ return extAttribute.getValue().toString();
+ }
+ break;
+ }
+ }
+ }
+ return null;
+ }
+
+ public static String extractSAMLAttributeAUTH(String name,
+ AuthenticationSession authSession) {
+ List extAttributes = authSession.getExtendedSAMLAttributesAUTH();
+ if(extAttributes == null) {
+ return null;
+ }
+ Iterator extAttributesIt = extAttributes.iterator();
+ String value = null;
+ while(extAttributesIt.hasNext()) {
+ Object attr = extAttributesIt.next();
+ if(attr instanceof ExtendedSAMLAttribute) {
+ ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
+ if(extAttribute.getName().equals(name)) {
+ if(extAttribute.getValue() instanceof String) {
+ return extAttribute.getValue().toString();
+ }
+ break;
+ }
+ }
+ }
+ return null;
+ }
+
+ public static String extractSAMLAttributeBOTH(String name,
+ AuthenticationSession authSession) {
+ String value = extractSAMLAttributeOA(name, authSession);
+ if(value == null) {
+ value = extractSAMLAttributeAUTH(name, authSession);
+ }
+ return value;
+ }
+}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index aa0418e77..369cbd5b6 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -199,4 +199,5 @@ pvp2.09=SAML Anfrage wird nicht unterstuetzt
pvp2.10=Attribut {0} nicht verfuegbar
pvp2.11=Binding {0} wird nicht unterstuetzt
pvp2.12=NameID Format {0} wird nicht unterstuetzt
-pvp2.13=Interner Server Fehler \ No newline at end of file
+pvp2.13=Interner Server Fehler
+pvp2.14=SAML Anfrage verweigert \ No newline at end of file