diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/CreateStorkAuthRequestFormTask.java')
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/CreateStorkAuthRequestFormTask.java | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/CreateStorkAuthRequestFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/CreateStorkAuthRequestFormTask.java new file mode 100644 index 000000000..c32c9d791 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/CreateStorkAuthRequestFormTask.java @@ -0,0 +1,114 @@ +package at.gv.egovernment.moa.id.auth.tasks.stork;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.tasks.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Creates a SAML2 STORK authentication request, embeds it in a form (in order to satisfy saml post binging) and returns the form withing the HttpServletResponse.<p/>
+ * In detail:
+ * <ul>
+ * <li>Validates the stork configuration in order to make sure the selected country is supported.</li>
+ * <li>Puts a flag ({@link #PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED}) into the ExecutionContext reflecting the capability of the C-PEPS to create xml signatures.</li>
+ * <li>Invokes {@link AuthenticationServer#startSTORKAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationSession)} which</li>
+ * <ul>
+ * <li>Creates and signs a SAML2 stork authentication request.</li>
+ * <li>Creates a signature request for auth block signature (either to be performed by the C-PEPS or locally).</li>
+ * <li>Using the velocity template engine in order to create a form with the embedded stork request.</li>
+ * <li>Writes the form to the response output stream.</li>
+ * </ul>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}</li>
+ * <li>Property {@code ccc} set within the moa session.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Form containing a SAML2 Stork authentication request and an action url pointing to the selected C-PEPS.</li>
+ * <li>Assertion consumer URL for C-PEPS set either to {@code /PEPSConnector} in case of a C-PEPS supporting xml signatures or {@code /PEPSConnectorWithLocalSigning} if the selected C-PEPS does not support xml signatures.</li>
+ * <li>In case of a C-PEPS not supporting xml signature: moasession with set signedDoc property (containing the signature request for local signing).</li>
+ * <li>ExecutionContext contains the boolean flag {@link #PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED}.
+ * </ul>
+ * Code taken from {@link StartAuthenticationBuilder#build(AuthenticationSession, HttpServletRequest, HttpServletResponse)}.<br/>
+ * Using {@link AuthenticationServer#startSTORKAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationSession)}
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ */
+public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
+
+ /**
+ * Boolean value reflecting the capability of the selected c-peps of creating xml signatures.
+ */
+ public static final String PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED = "C-PEPS:XMLSignatureSupported";
+
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+ throws Exception {
+
+ String pendingRequestID = null;
+ String sessionID = null;
+ try {
+ setNoCachingHeaders(resp);
+
+ sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+ throw new WrongParametersException("CreateStorkAuthRequestFormTask", PARAM_SESSIONID, "auth.12");
+ }
+ AuthenticationSession moasession = AuthenticationServer.getSession(sessionID);
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
+ if (StringUtils.isEmpty(moasession.getCcc())) {
+ // illegal state; task should not have been executed without a selected country
+ throw new AuthenticationException("stork.22", new Object[] { sessionID });
+ }
+ STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
+ if (!storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+ throw new AuthenticationException("stork.23", new Object[] { moasession.getCcc(), sessionID });
+ }
+
+ // STORK authentication
+ // cpeps cannot be null
+ CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
+ Logger.debug("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
+ executionContext.put(PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED, cpeps.isXMLSignatureSupported());
+
+ Logger.info("Starting STORK authentication for a citizen of country: " + moasession.getCcc());
+ AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
+
+ } catch (MOAIDException ex) {
+ handleError(null, ex, req, resp, pendingRequestID);
+
+ } catch (Exception e) {
+ Logger.error("CreateStorkAuthRequestFormTask has an interal Error.", e);
+ throw new MOAIDException("Internal error.", new Object[] { sessionID }, e);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+ }
+
+}
|