diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java | 165 |
1 files changed, 165 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java new file mode 100644 index 000000000..c1a61904d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -0,0 +1,165 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.logging.Logger; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; + +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; + +/** + * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins. + * The class is called whenever the {@link AuthenticationRequest} Action is invoked and checks for missing attributes. + * Furthermore, the class can handle direct posts. That is when the class triggers an attribute query which needs user + * interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes. + * + * TODO how do we treat mandatory and optional attributes? + * + */ +public class AttributeCollector implements IAction { + + /** The Constant ARTIFACT_ID. */ + private static final String ARTIFACT_ID = "artifactId"; + + /** The return url. */ + // TODO find correct return URL + // HTTPUtils.getBaseURL(req); + private String returnUrl = "findCorrectReturnURL"; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) + */ + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + + // read configuration parameters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); + + // find the attribute provider plugin that can handle the response + IPersonalAttributeList newAttributes = null; + for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) + try { + newAttributes = current.parse(httpReq); + } catch (UnsupportedAttributeException e1) { + // the current provider cannot find anything familiar within the + // provided httpreq. Try the next one. + } + + if (null == newAttributes) { + // we do not have a provider which is capable of fetching something + // from the received httpreq. + // TODO should we continue with the next attribute? + Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); + throw new MOAIDException("stork.11", null); + } + + // - fetch the container + String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); + DataContainer container; + try { + container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); + } catch (MOADatabaseException e) { + Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); + throw new MOAIDException("stork.11", null); + } + + // - insert the embedded attribute(s) into the container + for(PersonalAttribute current : newAttributes) + container.getResponse().getPersonalAttributeList().add(current); + + // see if we need some more attributes + return processRequest(container, httpReq, httpResp, oaParam); + } + + /** + * Checks if there are missing attributes and tries to fetch them. If there are no more attribute to fetch, + * this very method creates and sends the protocol result to the asking S-PEPS. + * + * @param container the {@link DataContainer} representing the status of the overall query. + * @return the string + * @throws MOAIDException + */ + public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException { + // check if there are attributes we need to fetch + IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); + IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); + List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>(); + for(PersonalAttribute current : requestAttributeList) + if(!responseAttributeList.containsKey(current)) + missingAttributes.add(current); + + try { + // for each attribute still missing + for(PersonalAttribute currentAttribute : missingAttributes) { + // - check if we can find a suitable AttributeProvider Plugin + for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { + try { + // - hand over control to the suitable plugin + IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute); + + // - add the aquired attribute to the container + for(PersonalAttribute current : aquiredAttributes) + container.getResponse().getPersonalAttributeList().add(current); + } catch(UnsupportedAttributeException e) { + // ok, try the next attributeprovider + } + + } + } + } catch (ExternalAttributeRequestRequiredException e) { + // the attribute request is ongoing and requires an external service. + try { + // memorize the container again + // - generate new key + String newArtifactId = new SecureRandomIdentifierGenerator() + .generateIdentifier(); + + // - put container in temporary store. + AssertionStorage.getInstance().put(newArtifactId, container); + + // add container-key to redirect embedded within the return URL + e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); + } catch (Exception e1) { + // TODO should we return the response as is to the PEPS? + Logger.error("Error putting incomplete Stork response into temporary storage", e); + throw new MOAIDException("stork.11", null); + } + + return "12345"; // TODO what to do here? + } + // build response + // done + return "12345"; // AssertionId + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action. + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() + */ + public String getDefaultActionName() { + return STORKProtocol.ATTRIBUTE_COLLECTOR; + } +} |