1 files changed, 170 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java
new file mode 100644
index 000000000..ff30919bc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java
@@ -0,0 +1,170 @@
+/**

+ * 

+ */

+package at.gv.egovernment.moa.id.auth.stork;

+

+import javax.servlet.http.HttpServletRequest;

+import javax.servlet.http.HttpServletResponse;

+

+import org.apache.commons.lang.StringEscapeUtils;

+import org.apache.commons.lang.StringUtils;

+import org.apache.velocity.app.VelocityEngine;

+import org.opensaml.common.binding.BasicSAMLMessageContext;

+import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;

+import org.opensaml.saml2.metadata.AssertionConsumerService;

+import org.opensaml.saml2.metadata.Endpoint;

+import org.opensaml.saml2.metadata.RequestedAttribute;

+import org.opensaml.ws.transport.http.HTTPOutTransport;

+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;

+import org.opensaml.xml.security.credential.Credential;

+

+import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;

+import at.gv.egovernment.moa.id.util.HTTPUtils;

+import at.gv.egovernment.moa.logging.Logger;

+import eu.stork.mw.messages.saml.STORKAuthnRequest;

+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;

+import eu.stork.vidp.messages.exception.SAMLException;

+import eu.stork.vidp.messages.exception.SAMLValidationException;

+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;

+import eu.stork.vidp.messages.stork.RequestedAttributes;

+import eu.stork.vidp.messages.util.SAMLUtil;

+

+/**

+ * Class handling all necessary functionality for STORK AuthnRequest processing

+ * 

+ * @author bzwattendorfer

+ *

+ */

+public class STORKAuthnRequestProcessor {

+	

+	/**

+	 * Creates a STORK AuthnRequest

+	 * @param destination Destination URL

+	 * @param acsURL Assertion Consumer Service URL

+	 * @param providerName SP Provider Name

+	 * @param issuerValue Issuer Name

+	 * @param qaaLevel STORK QAALevel to be requested

+	 * @param requestedAttributes Requested Attributes to be requested

+	 * @param spSector Sp Sector

+	 * @param spInstitution SP Institution

+	 * @param spApplication SP Application

+	 * @param spCountry SP Country

+	 * @param textToBeSigned text to be included in signedDoc element

+	 * @param mimeType mimeType for the text to be signed in signedDoc

+	 * @return STORK AuthnRequest

+	 */

+	public static STORKAuthnRequest generateSTORKAuthnRequest(

+			String destination, 

+			String acsURL, 

+			String providerName, 

+			String issuerValue, 

+			QualityAuthenticationAssuranceLevel qaaLevel, 

+			RequestedAttributes requestedAttributes, 

+			String spSector, 

+			String spInstitution, 

+			String spApplication, 

+			String spCountry,

+			String textToBeSigned,

+			String mimeType) {

+		

+			

+		STORKAuthnRequest storkAuthnRequest =  

+			STORKMessagesBuilder.buildSTORKAuthnRequest(

+					destination, 

+					acsURL, 

+					providerName, 

+					issuerValue, 

+					qaaLevel, 

+					requestedAttributes, 

+					spSector, 

+					spInstitution, 

+					spApplication, 

+					spCountry);				

+		

+		STORKMessagesBuilder.buildAndAddSignatureRequestToAuthnRequest(storkAuthnRequest, textToBeSigned, mimeType, true);

+		

+		Logger.debug("Added signedDoc attribute to STORK AuthnRequest");

+		

+		return storkAuthnRequest;

+		

+	}

+	

+	/**

+	 * Signs a STORK AuthnRequest

+	 * @param storkAuthnRequest STORK AuthRequest to sign

+	 * @param keyStorePath KeyStorePath to the signing key

+	 * @param keyStorePassword KeyStore Password

+	 * @param keyName Signing key name

+	 * @param keyPassword Signing key password

+	 * @return Signed STORK AuthnRequest

+	 * @throws SAMLException

+	 */

+	public static STORKAuthnRequest signSTORKAuthnRequest(

+			STORKAuthnRequest storkAuthnRequest,

+			String keyStorePath,

+			String keyStorePassword,

+			String keyName,

+			String keyPassword) throws SAMLException {

+		

+		Logger.trace("Building Credential Provider for signing process");

+		

+		CredentialProvider credentialProvider = new KeyStoreCredentialProvider(keyStorePath, keyStorePassword, keyName, keyPassword);

+		

+		Credential credential = credentialProvider.getCredential();

+		

+		Logger.trace("Credentials found");

+		

+		SAMLUtil.signSAMLObject(storkAuthnRequest, credential);

+		

+		return storkAuthnRequest;

+	}

+	

+	/**

+	 * Validates a STORK AuthnRequest

+	 * @param storkAuthnRequest STORK AuthnRequest to validate

+	 * @throws SAMLValidationException

+	 */

+	public static void validateSTORKAuthnRequest(STORKAuthnRequest storkAuthnRequest) throws SAMLValidationException {

+				

+		SAMLUtil.verifySAMLObjectStandardValidation(storkAuthnRequest, "saml2-core-schema-and-stork-validator");

+		

+	}

+	

+	/**

+	 * Sends a STORK AuthnRequest (Endpoint taken out of AuthnRequest)

+	 * @param request HttpServletRequest

+	 * @param response HttpServletResponse

+	 * @param storkAuthnRequest STORK AuthnRequest to send

+	 * @throws Exception

+	 */

+	public static void sendSTORKAuthnRequest(HttpServletRequest request, HttpServletResponse response, STORKAuthnRequest storkAuthnRequest) throws Exception {

+		

+		Logger.trace("Create endpoint...");

+		Endpoint endpoint = STORKMessagesBuilder.buildSAMLObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);

+		endpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");

+		endpoint.setLocation(storkAuthnRequest.getDestination());

+

+		

+		Logger.trace("Prepare SAMLMessageContext...");

+		HTTPOutTransport outTransport = new HttpServletResponseAdapter(response, request.isSecure());		

+		BasicSAMLMessageContext<?, STORKAuthnRequest, ?> samlMessageContext = new BasicSAMLMessageContext();

+		samlMessageContext.setOutboundMessageTransport(outTransport);

+		samlMessageContext.setPeerEntityEndpoint(endpoint);

+

+		Logger.trace("Set STORK SAML AuthnRequest to SAMLMessageContext...");

+		samlMessageContext.setOutboundSAMLMessage(storkAuthnRequest);

+				

+		Logger.trace("Initialize VelocityEngine...");

+

+		VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();

+		

+//		HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/templates/saml2-post-binding.vm");

+		HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/saml2-post-binding-moa.vm");

+

+		Logger.trace("HTTP-Post encode SAMLMessageContext...");

+		encoder.encode(samlMessageContext);

+	}

+		

+	

+	

+}