aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java212
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java2
2 files changed, 134 insertions, 80 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 3b78ef37c..7801f9a54 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -91,95 +91,149 @@ public class AttributeCollector implements IAction {
* @throws MOAIDException
*/
public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException {
- // check if there are attributes we need to fetch
- IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
- IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
- List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
- for(PersonalAttribute current : requestAttributeList)
- if(!responseAttributeList.containsKey(current))
- missingAttributes.add(current);
-
- try {
- // for each attribute still missing
- for(PersonalAttribute currentAttribute : missingAttributes) {
- // - check if we can find a suitable AttributeProvider Plugin
- for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) {
- try {
- // - hand over control to the suitable plugin
- IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession);
-
- // - add the aquired attribute to the container
- for(PersonalAttribute current : aquiredAttributes)
- container.getResponse().getPersonalAttributeList().add(current);
- } catch(UnsupportedAttributeException e) {
- // ok, try the next attributeprovider
- } catch(MOAIDException e) {
- // the current plugin had an error. Try the next one.
- // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop
- }
-
- }
- }
- } catch (ExternalAttributeRequestRequiredException e) {
- // the attribute request is ongoing and requires an external service.
- try {
- // memorize the container again
- // - generate new key
- String newArtifactId = new SecureRandomIdentifierGenerator()
- .generateIdentifier(); /*
- Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel());
- StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest());
-
- HttpSession httpSession = httpReq.getSession();
- httpSession.setAttribute("STORKSessionID", "12345");
- httpResp.setStatus(startAuthResponse.getHttpStatusCode());
- try {
- ServletOutputStream os = httpResp.getOutputStream();
- String html = new String(startAuthResponse.getContent());
-
-
- if (html.contains("<![CDATA[")) {
- Logger.info("-------- content contains <![CDATA[-----------------");
- Logger.info("-------- content contains html -----------------");
- Logger.info("HTML : " + html);
- int beginIndex = html.indexOf("<![CDATA[");
- int endIndex = html.indexOf("]]>");
- html = html.substring(beginIndex + 9, endIndex);
- startAuthResponse.setContent(html.getBytes());
+ // check if there are attributes we need to fetch
+ this.httpResp = response;
+ this.container = container;
+
+ IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
+ IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
+ List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
+ for (PersonalAttribute current : requestAttributeList)
+ if (!responseAttributeList.containsKey(current.getName()))
+ missingAttributes.add(current);
+
+ // Try to get all missing attributes
+ try {
+ // for each attribute still missing
+ for (PersonalAttribute currentAttribute : missingAttributes) {
+ // - check if we can find a suitable AttributeProvider Plugin
+ for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) {
+ try {
+ // - hand over control to the suitable plugin
+ IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession);
+
+ // - add the aquired attribute to the container
+ for (PersonalAttribute current : aquiredAttributes)
+ container.getResponse().getPersonalAttributeList().add(current);
+ } catch (UnsupportedAttributeException e) {
+ // ok, try the next attributeprovider
+ } catch (MOAIDException e) {
+ // the current plugin had an error. Try the next one.
+ // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop
+ }
+
}
- Logger.info("HTML : " + html);
+ }
+
+ // build response
+ generateSTORKResponse();
+
+ // set new http response
+ generateRedirectResponse();
+ response = httpResp;
+
+ return "12345"; // AssertionId
+
+ } catch (ExternalAttributeRequestRequiredException e) {
+ // the attribute request is ongoing and requires an external service.
+ try {
+ // memorize the container again
+ // - generate new key
+ String newArtifactId = new SecureRandomIdentifierGenerator()
+ .generateIdentifier();
+ // - put container in temporary store.
+ AssertionStorage.getInstance().put(newArtifactId, container);
+
+ // add container-key to redirect embedded within the return URL
+ e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam);
+
- os.write(startAuthResponse.getContent());
- Logger.info("Response sent to client");
- } catch (IOException e) {
- Logger.error("ERROR MOA");
- throw new MOAIDException("error response sending", new Object[]{});
+ } catch (Exception e1) {
+ // TODO should we return the response as is to the PEPS?
+ Logger.error("Error putting incomplete Stork response into temporary storage", e);
+ throw new MOAIDException("stork.11", null);
}
- //httpSession.setAttribute("CCC", ccc);
- */
+ return "12345"; // TODO what to do here?
}
- //httpResp.setStatus(200);
- //VPEPSInboundPostHandler
+ }
- // - put container in temporary store.
- AssertionStorage.getInstance().put(newArtifactId, container);
- // add container-key to redirect embedded within the return URL
- e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam);
- } catch (Exception e1) {
- // TODO should we return the response as is to the PEPS?
- Logger.error("Error putting incomplete Stork response into temporary storage", e);
- throw new MOAIDException("stork.11", null);
- }
+ private void generateSTORKResponse() throws MOAIDException {
+ STORKAuthnResponse authnResponse = container.getResponse();
+ STORKAuthnRequest authnRequest = container.getRequest();
- return "12345"; // TODO what to do here?
- }
- // build response
- // done
- return "12345"; // AssertionId
+ try {
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+ Logger.debug("Starting generation of SAML response");
+ authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false);
+
+ //generateSAML Token
+ Logger.info("SAML response succesfully generated!");
+ } catch (STORKSAMLEngineException e) {
+ Logger.error("Failed to generate STORK SAML Response", e);
+ throw new MOAIDException("stork.05", null);
+ }
+
+ Logger.info("STORK SAML Response message succesfully generated ");
+ String statusCodeValue = authnResponse.getStatusCode();
+
+ try {
+ Logger.debug("authn saml plain:" + authnResponse.getTokenSaml());
+ Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works
+ Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+
+ container.setResponse(authnResponse);
+
+ }
+
+
+ private void generateRedirectResponse() {
+ STORKAuthnResponse authnResponse = container.getResponse();
+ STORKAuthnRequest authnRequest = container.getRequest();
+
+
+ // preparing redirection for the client
+
+ try {
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+ VelocityContext context = new VelocityContext();
+
+ context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+ Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+
+ Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL());
+ context.put("action", authnRequest.getAssertionConsumerServiceURL());
+ Logger.debug("Starting template merge");
+ StringWriter writer = new StringWriter();
+
+ Logger.debug("Doing template merge");
+ template.merge(context, writer);
+ Logger.debug("Template merge done");
+
+ Logger.debug("Sending html content: " + writer.getBuffer().toString());
+ Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
+
+
+ httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+
+ } catch (Exception e) {
+ Logger.error("Velocity error: " + e.getMessage());
+ }
+
+ //HttpSession httpSession = this.httpResp.getSession();
+ //httpSession.setAttribute("STORKSessionID", "12345");
+ //Logger.info("Status code again: " + authnResponse.getStatusCode());
+
+ //return "12345"; // AssertionId
}
/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 318a8fc9c..01f0079ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -137,7 +137,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
}
//Get SAMLEngine instance
- STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming");
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
STORKAuthnRequest authnRequest = null;
Logger.error("decsamltoken" +decSamlToken.toString());