diff options
author | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-03-18 16:02:05 +0100 |
---|---|---|
committer | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-03-18 16:02:05 +0100 |
commit | 7f896d543b412062935db895c9a951d64d638b5d (patch) | |
tree | a5ca07955792839764e00f3f9edf8acb9ea27424 /id | |
parent | cb7942a2d5f13744b114fd6d4fad49aefdac12f1 (diff) | |
download | moa-id-spss-7f896d543b412062935db895c9a951d64d638b5d.tar.gz moa-id-spss-7f896d543b412062935db895c9a951d64d638b5d.tar.bz2 moa-id-spss-7f896d543b412062935db895c9a951d64d638b5d.zip |
correcting mandate request
Diffstat (limited to 'id')
5 files changed, 105 insertions, 25 deletions
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index 461ff7efc..5ed7739ec 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -69,11 +69,11 @@ <to type="forward">/dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string}</to> </rule> <rule match-type="regex"> - <from>^/moa-id-auth/SendPEPSAuthnRequest$</from> + <from>^/stork2/SendPEPSAuthnRequest$</from> <to type="forward">/dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string}</to> </rule> <rule match-type="regex"> - <from>^/moa-id-auth/RetrieveMandate$</from> + <from>^/stork2/RetrieveMandate$</from> <to type="forward">/dispatcher?mod=id_stork2&action=MandateRetrievalRequest&%{query-string}</to> </rule> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 1dfccb6c0..e0f14c41d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -194,7 +194,7 @@ public class AttributeCollector implements IAction { * @throws MOAIDException */ private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) throws MOAIDException { - Logger.info("Updating " + source.size() + " attributes..."); + Logger.info("Updating " + source.size() + " attribute(s)..."); for (PersonalAttribute current : source) { Logger.debug("treating " + current.getName()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index a8a9d9677..7fb7a7bc6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -41,7 +41,12 @@ public class AttributeProviderFactory { } else if (shortname.equals("SignedDocAttributeRequestProvider")) { return new SignedDocAttributeRequestProvider(url, attributes); } else if (shortname.equals("MandateAttributeRequestProvider")) { - return new MandateAttributeRequestProvider(url, attributes); + try { + return new MandateAttributeRequestProvider(url, attributes); + } catch (Exception ex) { + ex.printStackTrace(); + return null; + } } else { return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 442fa8a5b..88c0e889d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -66,12 +66,8 @@ public class AuthenticationRequest implements IAction { Logger.debug("Starting AuthenticationRequest"); moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse()); - // Get personal attributtes from MOA/IdentityLink - moaStorkResponse.setPersonalAttributeList(populateAttributes()); - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); - STORKAuthnResponse authnResponse = new STORKAuthnResponse(); Logger.debug("Starting generation of SAML response"); try { @@ -80,6 +76,10 @@ public class AuthenticationRequest implements IAction { // TODO } + // Get personal attributtes from MOA/IdentityLink + moaStorkResponse.setPersonalAttributeList(populateAttributes()); + + } //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java index 123999166..d3eded934 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java @@ -1,52 +1,127 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; +import at.gv.egovernment.moa.util.StringUtils; +import eu.stork.peps.auth.commons.*; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.io.StringWriter; /** - * Provides mandate attribute from MIS - * + * Provides mandate attribute from MIS */ public class MandateAttributeRequestProvider implements AttributeProvider { - /** The destination. */ - private Object destination; + /** + * The destination. + */ + private String destination; - /** The attributes. */ + /** + * The attributes. + */ private String attributes; - public MandateAttributeRequestProvider(String url, String supportedAttributes) { + private String spCountryCode; + + private PersonalAttributeList requestedAttributes; + + public MandateAttributeRequestProvider(String aPurl, String supportedAttributes) throws MOAIDException { Logger.setHierarchy("moa.id.protocols.stork2"); - destination = url; + destination = aPurl; attributes = supportedAttributes; } - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { - Logger.info("Acquiring attribute: " + this.getClass().getName()); + public String getAttrProviderName() { + return "MandateAttributeRequestProvider"; + } + + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName()); + this.spCountryCode = spCountryCode; + requestedAttributes = new PersonalAttributeList(1); + requestedAttributes.add(attribute); + // break if we cannot handle the requested attribute - if(!attributes.contains(attribute.getName())) + if (!attributes.contains(attribute.getName())) { + Logger.info("Attribute " + attribute.getName() + " not supported by the provider: " + getAttrProviderName()); throw new UnsupportedAttributeException(); + } PersonalAttributeList result = new PersonalAttributeList(); //return result; + Logger.info("Thrown external request by: " + getAttrProviderName()); throw new ExternalAttributeRequestRequiredException(this); } public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { - Logger.info("Redirecting: " + this.getClass().getName()); + Logger.setHierarchy("moa.id.protocols.stork2"); + + String spSector = "Business"; + String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); + String spApplication = spInstitution; + + //generate AuthnRquest + STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest(); + attributeRequest.setDestination(destination); + attributeRequest.setAssertionConsumerServiceURL(url); + attributeRequest.setIssuer(HTTPUtils.getBaseURL(req)); + attributeRequest.setQaa(oaParam.getQaaLevel()); + attributeRequest.setSpInstitution(spInstitution); + attributeRequest.setCountry(spCountryCode); + attributeRequest.setSpCountry(spCountryCode); + attributeRequest.setSpApplication(spApplication); + attributeRequest.setSpSector(spSector); + attributeRequest.setPersonalAttributeList(requestedAttributes); + + attributeRequest.setCitizenCountryCode("AT"); + + + Logger.info("STORK AttrRequest successfully assembled."); + + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP"); + try { + attributeRequest = samlEngine.generateSTORKAttrQueryRequest(attributeRequest); + } catch (STORKSAMLEngineException e) { + Logger.error("Could not sign STORK SAML AttrRequest.", e); + throw new MOAIDException("stork.00", null); + } + + Logger.info("STORK AttrRequest successfully signed!"); + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); + VelocityContext context = new VelocityContext(); + context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(attributeRequest.getTokenSaml())); + context.put("action", destination); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e) { + Logger.error("Error sending STORK SAML AttrRequest.", e); + throw new MOAIDException("stork.11", null); + } + Logger.info("STORK AttrRequest successfully rendered!"); } public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { - Logger.info("Parsing attribute: " + this.getClass().getName()); - return null; // } + } + |