5 files changed, 105 insertions, 25 deletions
|
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index 461ff7efc..5ed7739ec 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -69,11 +69,11 @@
         <to type="forward">/dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string}</to>
     </rule>
     <rule match-type="regex">
-        <from>^/moa-id-auth/SendPEPSAuthnRequest$</from>
+        <from>^/stork2/SendPEPSAuthnRequest$</from>
         <to type="forward">/dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string}</to>
     </rule>
     <rule match-type="regex">
-        <from>^/moa-id-auth/RetrieveMandate$</from>
+        <from>^/stork2/RetrieveMandate$</from>
         <to type="forward">/dispatcher?mod=id_stork2&action=MandateRetrievalRequest&%{query-string}</to>
     </rule>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 1dfccb6c0..e0f14c41d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -194,7 +194,7 @@ public class AttributeCollector implements IAction {
      * @throws MOAIDException 
      */
 	private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) throws MOAIDException {
-		Logger.info("Updating " + source.size() + " attributes...");
+		Logger.info("Updating " + source.size() + " attribute(s)...");
 		for (PersonalAttribute current : source) {
 			Logger.debug("treating " + current.getName());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
index a8a9d9677..7fb7a7bc6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
@@ -41,7 +41,12 @@ public class AttributeProviderFactory {
         } else if (shortname.equals("SignedDocAttributeRequestProvider")) {
             return new SignedDocAttributeRequestProvider(url, attributes);
         } else if (shortname.equals("MandateAttributeRequestProvider")) {
-            return new MandateAttributeRequestProvider(url, attributes);
+            try {
+                return new MandateAttributeRequestProvider(url, attributes);
+            } catch (Exception ex) {
+                ex.printStackTrace();
+                return null;
+            }
         } else {
             return null;
         }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 442fa8a5b..88c0e889d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
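Review bot: The new `catch (Exception ex)` around the `MandateAttributeRequestProvider` constructor swallows the failure into `ex.printStackTrace()` and returns `null`, which the caller cannot tell apart from the "unknown provider" `null` returned by the `else` branch two lines below. Within this commit the constructor only stores its two arguments, so the `MOAIDException` it declares never actually fires and the try/catch is dead weight; if it is kept for later, narrow the type and use the project logger: `} catch (MOAIDException ex) { Logger.error("Could not create MandateAttributeRequestProvider", ex); return null; }`. Letting the exception propagate would be cleaner still, but the factory method's signature starts outside the hunk and may need a `throws` clause.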
@@ -66,12 +66,8 @@ public class AuthenticationRequest implements IAction {
                 Logger.debug("Starting AuthenticationRequest");
                 moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse());
-                // Get personal attributtes from MOA/IdentityLink
-                moaStorkResponse.setPersonalAttributeList(populateAttributes());
-
                 STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-                STORKAuthnResponse authnResponse = new STORKAuthnResponse();
                 Logger.debug("Starting generation of SAML response");
                 try {
@@ -80,6 +76,10 @@ public class AuthenticationRequest implements IAction {
                     // TODO
                 }
+                // Get personal attributtes from MOA/IdentityLink
+                moaStorkResponse.setPersonalAttributeList(populateAttributes());
+
+
             }
             //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
index 123999166..d3eded934 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
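Review bot: In the second hunk the relocated `populateAttributes()` call now runs right after a `try` whose only visible handler body is `// TODO` (the `try {` is the last line of the first hunk; the `catch` clause itself lies between the hunks), so if SAML response generation fails the code appears to fall through and still attaches the citizen's personal attributes to `moaStorkResponse`. The handler should log and stop before that line is reached, e.g. `Logger.error("Could not generate STORK SAML response", e); throw new MOAIDException("stork.00", null);` — presumably the same error code the other STORK handlers use; verify against the catch clause that is not shown here. The moved comment also keeps the typo: `// Get personal attributes from MOA/IdentityLink`. The enclosing method starts before the first hunk and ends after the second.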
@@ -1,52 +1,127 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
-import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
+import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.peps.auth.commons.*;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.io.StringWriter;
 /**
- *  Provides mandate attribute from MIS
- *
+ * Provides mandate attribute from MIS
  */
 public class MandateAttributeRequestProvider implements AttributeProvider {
-    /** The destination. */
-    private Object destination;
+    /**
+     * The destination.
+     */
+    private String destination;
-    /** The attributes. */
+    /**
+     * The attributes.
+     */
     private String attributes;
-    public MandateAttributeRequestProvider(String url, String supportedAttributes) {
+    private String spCountryCode;
+
+    private PersonalAttributeList requestedAttributes;
+
+    public MandateAttributeRequestProvider(String aPurl, String supportedAttributes) throws MOAIDException {
         Logger.setHierarchy("moa.id.protocols.stork2");
-        destination = url;
+        destination = aPurl;
         attributes = supportedAttributes;
     }
-    public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
-        Logger.info("Acquiring attribute: " + this.getClass().getName());
+    public String getAttrProviderName() {
+        return "MandateAttributeRequestProvider";
+    }
+
+    public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
+        Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName());
+        this.spCountryCode = spCountryCode;
+        requestedAttributes = new PersonalAttributeList(1);
+        requestedAttributes.add(attribute);
+
         // break if we cannot handle the requested attribute
-        if(!attributes.contains(attribute.getName()))
+        if (!attributes.contains(attribute.getName())) {
+            Logger.info("Attribute " + attribute.getName() + " not supported by the provider: " + getAttrProviderName());
             throw new UnsupportedAttributeException();
+        }
         PersonalAttributeList result = new PersonalAttributeList();
         //return result;
+        Logger.info("Thrown external request by: " + getAttrProviderName());
         throw new ExternalAttributeRequestRequiredException(this);
     }
     public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException {
-        Logger.info("Redirecting: " + this.getClass().getName());
+        Logger.setHierarchy("moa.id.protocols.stork2");
+
+        String spSector = "Business";
+        String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
+        String spApplication = spInstitution;
+
+        //generate AuthnRquest
+        STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest();
+        attributeRequest.setDestination(destination);
+        attributeRequest.setAssertionConsumerServiceURL(url);
+        attributeRequest.setIssuer(HTTPUtils.getBaseURL(req));
+        attributeRequest.setQaa(oaParam.getQaaLevel());
+        attributeRequest.setSpInstitution(spInstitution);
+        attributeRequest.setCountry(spCountryCode);
+        attributeRequest.setSpCountry(spCountryCode);
+        attributeRequest.setSpApplication(spApplication);
+        attributeRequest.setSpSector(spSector);
+        attributeRequest.setPersonalAttributeList(requestedAttributes);
+
+        attributeRequest.setCitizenCountryCode("AT");
+
+
+        Logger.info("STORK AttrRequest successfully assembled.");
+
+        STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP");
+        try {
+            attributeRequest = samlEngine.generateSTORKAttrQueryRequest(attributeRequest);
+        } catch (STORKSAMLEngineException e) {
+            Logger.error("Could not sign STORK SAML AttrRequest.", e);
+            throw new MOAIDException("stork.00", null);
+        }
+
+        Logger.info("STORK AttrRequest successfully signed!");
+
+        try {
+            Logger.trace("Initialize VelocityEngine...");
+
+            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+            Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm");
+            VelocityContext context = new VelocityContext();
+            context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(attributeRequest.getTokenSaml()));
+            context.put("action", destination);
+
+            StringWriter writer = new StringWriter();
+            template.merge(context, writer);
+
+            resp.getOutputStream().write(writer.toString().getBytes());
+        } catch (Exception e) {
+            Logger.error("Error sending STORK SAML AttrRequest.", e);
+            throw new MOAIDException("stork.11", null);
+        }
+        Logger.info("STORK AttrRequest successfully rendered!");
     }
     public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException {
-        Logger.info("Parsing attribute: " + this.getClass().getName());
-
         return null;
 //      }
+
 }
+
|
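Review bot: `acquire` decides whether this provider handles a request with `attributes.contains(attribute.getName())`, a substring test on the raw `supportedAttributes` string, so a requested name that is merely a fragment of a configured one (say `name` against `familyName`, or a string spanning a separator) is accepted and forwarded to the MIS via `requestedAttributes`. If `supportedAttributes` is a delimited list, compare whole tokens instead: `if (!Arrays.asList(attributes.split(",")).contains(attribute.getName())) {` (needs `java.util.Arrays`; use whatever separator the configuration actually defines). In `performRedirect`, `resp.getOutputStream().write(writer.toString().getBytes())` encodes the rendered template with the JVM default charset and sets no content type; use `writer.toString().getBytes(StandardCharsets.UTF_8)` preceded by `resp.setContentType("text/html;charset=UTF-8")`, assuming the `.vm` file is the HTML POST-binding form its name suggests. The `"AT"` citizen country code and `"Business"` sector are hard-coded, and `spCountryCode`/`requestedAttributes` are per-request state stored on the provider instance, which is only safe if the factory hands out a fresh instance per request; both deserve a comment on the fields, e.g. `// per-request state: instance must not be shared across requests`.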
