authorBojan Suzic <bojan.suzic@iaik.tugraz.at>2014-03-03 16:03:08 +0100
committerBojan Suzic <bojan.suzic@iaik.tugraz.at>2014-03-03 16:03:08 +0100
commitc900f870b2e64c2e25820b8162d8f0444c0dc7d4 (patch)
treeddebea22e42ddc008042307514d457e46d292603 /id
parentb04102cfcf46aa62417b6f1990dff76e2b706862 (diff)
aatributes
Diffstat (limited to 'id')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java112
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java22
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties2
7 files changed, 110 insertions, 74 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 91326a51d..d33b33c77 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -33,88 +33,96 @@ public class AuthenticationRequest implements IAction {
private VelocityEngine velocityEngine;
- private AuthenticationSession moaSession;
- private MOASTORKRequest moaStorkRequest;
+ private AuthenticationSession moaSession = null;
+ private MOASTORKRequest moaStorkRequest = null;
public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
this.moaSession = moasession;
- this.moaStorkRequest = (MOASTORKRequest) req;
- if (moasession.getUseMandate()) {
- try {
- MISMandate mandate = moasession.getMISMandate();
- String owbpk = mandate.getOWbPK();
- byte[] mand = mandate.getMandate();
- String profprep = mandate.getProfRep();
- //String textdesc = mandate.getTextualDescriptionOfOID();
- Element mndt = moasession.getMandate();
-
- iterate(mndt.getAttributes());
- Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
- } catch (Exception x) {
- Logger.debug("There is no mandate used in transaction");
+ if (req instanceof MOASTORKRequest) {
+
+ this.moaStorkRequest = (MOASTORKRequest) req;
+
+
+ if (moasession.getUseMandate()) {
+ try {
+ MISMandate mandate = moasession.getMISMandate();
+ String owbpk = mandate.getOWbPK();
+ byte[] mand = mandate.getMandate();
+ String profprep = mandate.getProfRep();
+ //String textdesc = mandate.getTextualDescriptionOfOID();
+ Element mndt = moasession.getMandate();
+
+ iterate(mndt.getAttributes());
+ Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
+ } catch (Exception x) {
+ Logger.debug("There is no mandate used in transaction");
+ }
}
- }
- Logger.debug("Starting AuthenticationRequest");
- httpResp.reset();
+ Logger.debug("Starting AuthenticationRequest");
+ httpResp.reset();
- STORKAuthnResponse authnResponse = new STORKAuthnResponse();
- authnResponse.setCountry(((MOASTORKRequest) req).getStorkAuthnRequest().getSpCountry());
+ STORKAuthnResponse authnResponse = new STORKAuthnResponse();
+ authnResponse.setCountry(moaStorkRequest.getStorkAuthnRequest().getSpCountry());
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
- if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
- // Prepare basic AT attributes
- try {
- IPersonalAttributeList moaAttrList = moasession.getStorkAttributes();
- Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size());
+ // Prepare basic AT attributes
+ try {
+ IPersonalAttributeList moaAttrList = moasession.getStorkAttributes();
+ Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size());
- for (PersonalAttribute personalAttribute : moaAttrList) {
- Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus());
- if (personalAttribute.getValue().size() > 0) {
- for (String value : personalAttribute.getValue()) {
- Logger.info(" Value found: " + value);
+ for (PersonalAttribute personalAttribute : moaAttrList) {
+ Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus());
+ if (personalAttribute.getValue().size() > 0) {
+ for (String value : personalAttribute.getValue()) {
+ Logger.info(" Value found: " + value);
+ }
}
}
- }
- } catch (Exception e) {
- Logger.error("Exception, attributes: " + e.getMessage());
- }
+ } catch (Exception e) {
+ Logger.error("Exception, attributes: " + e.getMessage());
+ }
- // Get personal attributtes from MOA/IdentityLink
- authnResponse.setPersonalAttributeList(populateAttributes());
+ // Get personal attributtes from MOA/IdentityLink
+ authnResponse.setPersonalAttributeList(populateAttributes());
- // Prepare extended attributes
- Logger.debug("Preparing data container");
+ // Prepare extended attributes
+ Logger.debug("Preparing data container");
- // create fresh container
- DataContainer container = new DataContainer();
+ // create fresh container
+ DataContainer container = new DataContainer();
- // - fill in the request we extracted above
- container.setRequest(((MOASTORKRequest) req).getStorkAuthnRequest());
+ // - fill in the request we extracted above
+ container.setRequest(moaStorkRequest.getStorkAuthnRequest());
- // - fill in the partial response created above
- container.setResponse(authnResponse);
+ // - fill in the partial response created above
+ container.setResponse(authnResponse);
- // - memorize the target url were we have to return the result
- container.setTarget(((MOASTORKRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
+ // - memorize the target url were we have to return the result
+ container.setTarget(moaStorkRequest.getStorkAuthnRequest().getAssertionConsumerServiceURL());
- container.setRemoteAddress(httpReq.getRemoteAddr());
+ container.setRemoteAddress(httpReq.getRemoteAddr());
- Logger.debug("Data container prepared");
+ Logger.debug("Data container prepared");
- return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);
+ return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);
+ } else {
+ Logger.error("Could not recognize request.");
+ throw new MOAIDException("stork.15", null);
+ }
}
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
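Review bot: The re-indented body of `processRequest` still writes identity data to the log: `Logger.debug("mandate encoded: " + ...)` emits the whole Base64-encoded mandate and `Logger.info(" Value found: " + value)` emits every personal attribute value at info level. Both should be dropped or reduced to metadata, for example `Logger.debug("Personal attribute found: " + personalAttribute.getName() + ", values: " + personalAttribute.getValue().size());`. The surrounding `catch (Exception x)` reports every failure as "There is no mandate used in transaction", which hides real errors in mandate handling even though `getUseMandate()` returned true. Separately, `moaSession` and `moaStorkRequest` are instance fields assigned on each call and `populateAttributes()` takes no arguments, so if this `IAction` instance is shared between requests (not visible here) concurrent requests could read each other's session; passing both values as parameters would avoid that.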
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java
index 669a9389b..9c0869d97 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java
@@ -20,7 +20,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
*/
- @Override
public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession)
throws UnsupportedAttributeException {
PersonalAttributeList requestedAttributes = new PersonalAttributeList(1);
@@ -31,7 +30,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
*/
- @Override
public IPersonalAttributeList parse(HttpServletRequest httpReq) {
// TODO Auto-generated method stub
return null;
@@ -40,7 +38,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
- @Override
public void performRedirect(String url, String citizenCountyCode,
HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) {
// we should not get here
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java
index 2f6b69075..26fc00406 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java
@@ -20,7 +20,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
*/
- @Override
public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession)
throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException {
throw new ExternalAttributeRequestRequiredException(this);
@@ -29,7 +28,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
*/
- @Override
public IPersonalAttributeList parse(HttpServletRequest httpReq) {
PersonalAttributeList requestedAttributes = new PersonalAttributeList(1);
requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList<String>(), ""));
@@ -39,7 +37,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
- @Override
public void performRedirect(String url, String citizenCountyCode,
HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) {
// we should not get here
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java
new file mode 100644
index 000000000..7665bb239
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java
@@ -0,0 +1,27 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Implements Attribute Provider for Mandates
+ */
+public class MISAttributeProvider implements AttributeProvider {
+ public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
+ return null; //
+ }
+
+ public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException {
+ //
+ }
+
+ public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException {
+ return null; //
+ }
+}
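Review bot: All three methods of the new `MISAttributeProvider` are silent stubs: `acquire` and `parse` return `null` and `performRedirect` does nothing, so a caller that selects this provider for a mandate attribute gets neither data nor an error. Until the implementation exists, failing loudly is safer, for example by throwing the already declared `UnsupportedAttributeException` from `acquire` and `parse`, or at least marking each stub with `// TODO: not implemented, returns null`. The methods also carry no `@Override`; if the build's source level allows it on interface methods, adding it lets the compiler catch drift from the `AttributeProvider` interface. The class Javadoc could state that the provider is a placeholder so it is not registered in a production configuration by mistake.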
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index 8c7fd8706..1776d958c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -1,11 +1,13 @@
package at.gv.egovernment.moa.id.protocols.stork2;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
import eu.stork.peps.auth.commons.STORKAuthnRequest;
/**
- * Implements MOA request and stores StorkAuthnRequest related data
+ * Implements MOA request and stores StorkAuthn/Attr-Request related data
*
* @author bsuzic
*/
@@ -32,7 +34,6 @@ public class MOASTORKRequest implements IRequest {
if (request != null) {
isAttrRequest = true;
}
-
}
public boolean isAttrRequest() {
@@ -49,8 +50,14 @@ public class MOASTORKRequest implements IRequest {
}
public String getOAURL() {
-
- return storkAuthnRequest.getAssertionConsumerServiceURL();
+ if (isAuthnRequest)
+ return storkAuthnRequest.getAssertionConsumerServiceURL();
+ else if (isAttrRequest)
+ return storkAttrQueryRequest.getAssertionConsumerServiceURL();
+ else {
+ Logger.error("There is no authentication or attribute request contained in MOASTORKRequest.");
+ return null;
+ }
}
public boolean isPassiv() {
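Review bot: `getOAURL()` now returns `null` when neither flag is set, after only logging, so the failure moves to whichever caller uses the URL next. If callers use this value to look up the online application configuration or as a return target (not visible in this hunk), they need a null check, or the method could fail fast with `throw new IllegalStateException("no authn or attr request set");` instead of `return null;`. The new `if` and `else if` branches are unbraced while the final `else` is braced; bracing all three keeps the method consistent. The `MOAIDException` import added at the top of this file is not used by any line shown in the diff.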
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 3b9a5bc29..e68b66510 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -6,9 +6,7 @@ import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.*;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -93,14 +91,15 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
}
//Get SAMLEngine instance
- STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming");
+ STORKSAMLEngine authnEngine = STORKSAMLEngine.getInstance("incoming");
+ STORKSAMLEngine attrEngine = STORKSAMLEngine.getInstance("incoming_attr");
STORKAuthnRequest authnRequest = null;
STORKAttrQueryRequest attrRequest = null;
// check if valid authn request is contained
try {
- authnRequest = engine.validateSTORKAuthnRequest(decSamlToken);
+ authnRequest = authnEngine.validateSTORKAuthnRequest(decSamlToken);
} catch (STORKSAMLEngineException ex) {
Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());
}
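Review bot: Both validation attempts swallow `STORKSAMLEngineException` and log only `ex.getMessage()` at error level, and since every token is tried against both engines, a valid request of either type produces an error entry. The second `catch` (in the following hunk) reuses the text "Unable to validate Stork AuthenticationRequest", so the two failures cannot be told apart in the log; `Logger.error("Unable to validate Stork AttrQueryRequest: " + ex.getMessage());` would fix that. Consider logging the expected miss with `Logger.debug` and keeping error level for the case where both validations fail, so that rejected or tampered tokens stand out. The enclosing method starts and ends outside this hunk.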
@@ -108,17 +107,16 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
// check if a valid attr request is container
try {
- attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken);
+ attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken);
} catch (STORKSAMLEngineException ex) {
Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());
}
-
- Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL());
- Logger.error("cc " + authnRequest.getCitizenCountryCode());
- Logger.error("iss " + authnRequest.getIssuer());
- Logger.error("spid " + authnRequest.getSPID());
- Logger.error("spi " + authnRequest.getSpInstitution());
+ // if there is no authn or attr request, raise error
+ if ((authnRequest == null) && (attrRequest == null)) {
+ Logger.error("There is no authentication or attribute request contained.");
+ throw new MOAIDException("stork.14", null);
+ }
STORK2Request.setSTORKAuthnRequest(authnRequest);
STORK2Request.setSTORKAttrRequest(attrRequest);
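Review bot: An attribute-query-only token now passes this check with `authnRequest == null`, and that null is stored through `STORK2Request.setSTORKAuthnRequest(authnRequest)`. `AuthenticationRequest.processRequest` in this same commit calls `moaStorkRequest.getStorkAuthnRequest().getSpCountry()` without a null check, so if that action is the one dispatched for attribute queries (the dispatch is not visible here) the request would end in a NullPointerException rather than a controlled error. A guard at the top of that method, such as `if (moaStorkRequest.getStorkAuthnRequest() == null) throw new MOAIDException("stork.15", null);`, or a separate action for attribute queries, would close the gap. The enclosing method continues outside this hunk.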
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 4007eacdc..99d5d7612 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -208,6 +208,8 @@ stork.10=Fehler in der Verbindung zum SZR-Gateway
stork.11=Fehler beim Sammeln von StorkAttributen
stork.12=Konnte keine VIDP Konfiguration finden
stork.13=Fehler beim Sammeln eines Attributes in einem AttributProviderPlugin
+stork.14=Es wurde weder Authentifizierungs/ noch Attributerequest empfangen
+stork.15=Unbekannte request.
pvp2.00={0} ist kein gueltiger consumer service index
pvp2.01=Fehler beim kodieren der PVP2 Antwort