3 files changed, 76 insertions, 7 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 4eb874d8f..8ccaa35de 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -89,7 +89,7 @@ public class AttributeCollector implements IAction {
 			container.getResponse().getPersonalAttributeList().add(current);
 
     	// see if we need some more attributes
-    	return processRequest(container, httpResp);
+    	return processRequest(container, httpReq, httpResp);
     }
 
     /**
@@ -100,7 +100,7 @@ public class AttributeCollector implements IAction {
      * @return the string
      * @throws MOAIDException 
      */
-    public String processRequest(DataContainer container, HttpServletResponse response) throws MOAIDException {
+    public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response) throws MOAIDException {
     	// check if there are attributes we need to fetch
     	IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
     	IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
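Review bot: The new `request` parameter of `processRequest` has no `@param` tag, while the Javadoc tail visible in the second hunk still documents `@return` and `@throws`; the head of that Javadoc (the existing `@param` lines) lies outside the hunk, so the tag must be added there. I would add `* @param request the request we got from the S-PEPS, handed through to the attribute provider's performRedirect`, which mirrors the wording the commit itself uses on the interface. The first hunk's caller simply threads `httpReq` through and needs no further change.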
@@ -139,7 +139,7 @@ public class AttributeCollector implements IAction {
 				AssertionStorage.getInstance().put(newArtifactId, container);
 
 				// add container-key to redirect embedded within the return URL
-				e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId, response);
+				e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response);
 			} catch (Exception e1) {
 				// TODO should we return the response as is to the PEPS?
 				Logger.error("Error putting incomplete Stork response into temporary storage", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
index e1f5620a8..117a1f6b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
@@ -1,7 +1,5 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
 
-import java.util.List;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -32,9 +30,11 @@ public interface AttributeProvider {
 	 * Perform redirect.
 	 *
 	 * @param url the return URL ending with ?artifactId=...
+	 * @param citizenCountyCode the citizen county code
+	 * @param req the request we got from the S-PEPS and for which we have to ask our APs
 	 * @param resp the response to the preceding request
 	 */
-	public void performRedirect(String url, HttpServletResponse resp);
+	public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp);
 
 	/**
 	 * Parses the response we got from the external attribute provider.
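Review bot: The `catch (Exception e1)` block right after the changed `performRedirect` call logs `e` instead of `e1`, so the exception that actually failed the storage/redirect step is never recorded; `e` appears to be the iteration variable used in `e.getAp()` on the line above. The commit touches this try block but leaves the mix-up in place; the log line should read `Logger.error("Error putting incomplete Stork response into temporary storage", e1);`. The enclosing method starts and ends outside the hunk.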
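Review bot: The new interface parameter is spelled `citizenCountyCode` ("county") in both the signature and its Javadoc, while the implementation in StorkAttributeRequestProvider and the caller in AttributeCollector use `citizenCountryCode`; the mismatch is legal Java but will mislead anyone reading the contract. I would rename it in the interface hunk to `public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp);` with the tag `@param citizenCountryCode the country code of the citizen whose attributes are requested`. The `@param req` description is fine as written.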
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
index 32b0bb334..90b1a0180 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
@@ -1,15 +1,31 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
 
+import java.io.StringWriter;
+import java.util.ArrayList;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
+import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
 import eu.stork.peps.auth.commons.IPersonalAttributeList;
 import eu.stork.peps.auth.commons.PEPSUtil;
 import eu.stork.peps.auth.commons.PersonalAttribute;
 import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
 import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
 import eu.stork.peps.auth.engine.STORKSAMLEngine;
 import eu.stork.peps.exceptions.STORKSAMLEngineException;
 
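Review bot: `java.util.ArrayList`, `OAParameter`, `STORKAuthnRequest` and `STORKAuthnResponse` are added to the import block, but nothing in the visible hunks of this file references them; the new performRedirect body uses only `StringWriter`, the Velocity types, `VelocityProvider`, `OAAuthParameter`, `HTTPUtils`, `StringUtils` and `STORKAttrQueryRequest`. Unless code outside the hunks needs them, drop those four lines so the import block reflects the class's real dependencies, the same clean-up the commit already does for `java.util.List` in AttributeProvider.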
@@ -19,6 +35,9 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException;
 public class StorkAttributeRequestProvider implements AttributeProvider {
 
 	private PersonalAttributeList requestedAttributes;
+	
+	/** The destination. */
+	private String destination;
 
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
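Review bot: The new `destination` field is declared but nothing in this commit assigns it, and performRedirect later feeds it into both `attributeRequest.setDestination(destination)` and the form's `action`; unless a constructor or setter outside the hunks initialises it, the attribute request and the auto-post form will carry a null destination. The field should be set from the provider's configuration when the object is created (the constructor is not in view), and the Javadoc should say where the value comes from, e.g. `/** The URL of the external attribute provider the signed request is posted to. */`.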
@@ -68,8 +87,58 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String)
 	 */
 	@Override
-	public void performRedirect(String url, HttpServletResponse resp) {
+	public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp) {
+		OAAuthParameter oaParam;
+		
+    	String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget();
+    	String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
+    	String spApplication = spInstitution;
+    	String spCountry = "AT";
+
+    	//generate AuthnRquest
+    	STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest();
+    	attributeRequest.setDestination(destination);
+    	attributeRequest.setAssertionConsumerServiceURL(url);
+    	attributeRequest.setIssuer(HTTPUtils.getBaseURL(req));
+    	attributeRequest.setQaa(oaParam.getQaaLevel());
+    	attributeRequest.setSpInstitution(spInstitution);
+    	attributeRequest.setCountry(spCountry);
+    	attributeRequest.setSpApplication(spApplication);
+    	attributeRequest.setSpSector(spSector);
+    	attributeRequest.setPersonalAttributeList(requestedAttributes);
+
+    	attributeRequest.setCitizenCountryCode(citizenCountryCode);
+
+
+    	Logger.debug("STORK AttrRequest succesfully assembled.");
+    	STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP");
+    	try {
+    		attributeRequest = samlEngine.generateSTORKAttrQueryRequest(attributeRequest);
+    	} catch (STORKSAMLEngineException e) {
+			Logger.error("Could not sign STORK SAML AttrRequest.", e);
+			throw new MOAIDException("stork.00", null);
+		}
+
+		Logger.info("STORK AttrRequest successfully signed!");
+		
+		try {
+			Logger.trace("Initialize VelocityEngine...");
+
+			VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+			Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm");
+			VelocityContext context = new VelocityContext();
+			context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(attributeRequest.getTokenSaml()));
+			context.put("action", destination);
+
+			StringWriter writer = new StringWriter();
+			template.merge(context, writer);
+
+			resp.getOutputStream().write(writer.toString().getBytes());
+		} catch (Exception e) {
+			Logger.error("Error sending STORK SAML AttrRequest.", e);
+			throw new MOAIDException("stork.11", null);
+		}
 	}
 } |
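Review bot: `OAAuthParameter oaParam;` on the second line of the new performRedirect body is declared but never assigned, so `oaParam.getFriendlyName()` and `oaParam.getQaaLevel()` will not compile ("variable oaParam might not have been initialized"); the online-application configuration has to come from the caller or from state stored on this provider, not from an empty local. `moasession.getTarget()` on the next line is likewise unresolved as far as the visible hunks show, since the class only declares `requestedAttributes` and `destination`. Both catch blocks `throw new MOAIDException(...)`, yet the interface method it overrides declares no `throws` clause while `processRequest` in AttributeCollector does declare `throws MOAIDException`, which suggests the exception is checked; if so, either the interface signature needs `throws MOAIDException` or the failures must be reported through the response instead. Finally, `writer.toString().getBytes()` encodes the SAML POST form with the platform default charset and no content type is set on `resp`; use `resp.setContentType("text/html; charset=UTF-8");` and `resp.getOutputStream().write(writer.toString().getBytes(StandardCharsets.UTF_8));` (adding the `java.nio.charset.StandardCharsets` import) so the encoded token is not corrupted on a non-UTF-8 JVM. The `@see` tag above the method still points at `#performRedirect(java.lang.String)` and should be updated to the new parameter list.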
