Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 219 |
1 files changed, 113 insertions, 106 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 1f6ffaa9a..18d0b479e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -1,161 +1,168 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; -import org.apache.velocity.VelocityContext; +import eu.stork.peps.auth.commons.*; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; -import org.opensaml.xml.util.Base64; -import org.opensaml.xml.util.XMLHelper; -import javax.servlet.ServletOutputStream; +import org.w3c.dom.Element; +import org.w3c.dom.NamedNodeMap; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStreamWriter; -import java.io.Writer; -import java.util.HashMap; -import eu.stork.peps.auth.engine.SAMLEngine; + /** + * Second request step - after authentication of the user is done and moasession obtained, + * process request and forward the user further to PEPS and/or other entities + * * @author bsuzic - * Date: 12/3/13, Time: 2:08 PM */ public class AuthenticationRequest implements IAction { - /* - Second request step - after authentication of the user is done and moasession obtained, - process request and forward the user further to PEPS and/or other entities - */ private VelocityEngine velocityEngine; + private AuthenticationSession moaSession = null; + private MOASTORKRequest moaStorkRequest = null; public String 
processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { - Logger.debug("Starting AuthenticationRequest"); - //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); - Logger.debug("Http Response: " + httpResp.toString() + ", "); - Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget()); - httpResp.reset(); - //httpResp.addHeader("Location", "http:/www.google.com"); - if (req instanceof STORKAuthnRequestDEL) { - /* - Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel()); - StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest()); - - HttpSession httpSession = httpReq.getSession(); - httpSession.setAttribute("STORKSessionID", "12345"); - httpResp.setStatus(startAuthResponse.getHttpStatusCode()); - try { - ServletOutputStream os = httpResp.getOutputStream(); - String html = new String(startAuthResponse.getContent()); - - - if (html.contains("<![CDATA[")) { - Logger.info("-------- content contains <![CDATA[-----------------"); - Logger.info("-------- content contains html -----------------"); - Logger.info("HTML : " + html); - int beginIndex = html.indexOf("<![CDATA["); - int endIndex = html.indexOf("]]>"); - html = html.substring(beginIndex + 9, endIndex); - startAuthResponse.setContent(html.getBytes()); - } - Logger.info("HTML : " + html); - os.write(startAuthResponse.getContent()); - Logger.info("Response sent to client"); - } catch (IOException e) { - Logger.error("ERROR MOA"); - throw new MOAIDException("error response sending", new Object[]{}); - } - //httpSession.setAttribute("CCC", ccc); + this.moaSession = moasession; - */ - } + if (req instanceof 
MOASTORKRequest) { + this.moaStorkRequest = (MOASTORKRequest) req; - //httpResp.setStatus(200); - //VPEPSInboundPostHandler - - // create fresh container - DataContainer container = new DataContainer(); - - // - fill in the request we extracted above - container.setRequest(request); - - // - fill in the partial response created above - container.setResponse(response); - - // - memorize the target url were we have to return the result - container.setTarget(target); - - // see if we need to fetch further attributes - return (new AttributeCollector()).processRequest(container); - } + Logger.debug("Entering MOASTORKRequest"); + httpResp.reset(); - public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { - return true; - } + // check if it is attribute query + if (moaStorkRequest.isAttrRequest()) { + Logger.debug("Starting AttrQueryRequest"); + STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse(); + IPersonalAttributeList personalAttributeList = moaStorkRequest.getStorkAttrQueryRequest().getPersonalAttributeList(); + + // TODO Check if this instance is eligible to fetch attributes locally, assuming yes + + return (new AttributeCollector()).processRequest(req, httpReq, httpResp, moasession); + + } else + // check if we have authentication request + if (moaStorkRequest.isAuthnRequest()) { + Logger.debug("Starting AuthenticationRequest"); + + STORKAuthnResponse authnResponse = new STORKAuthnResponse(); + authnResponse.setCountry(moaStorkRequest.getStorkAuthnRequest().getSpCountry()); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + + // Get personal attributtes from MOA/IdentityLink + authnResponse.setPersonalAttributeList(populateAttributes()); + + // Prepare extended attributes + 
Logger.debug("Preparing data container"); + + // create fresh container + DataContainer container = new DataContainer(); + + // - fill in the request we extracted above + container.setRequest(moaStorkRequest.getStorkAuthnRequest()); + // - fill in the partial response created above + container.setResponse(authnResponse); - /* + // - memorize the target url were we have to return the result + container.setTarget(moaStorkRequest.getStorkAuthnRequest().getAssertionConsumerServiceURL()); - public StartAuthResponse getStartAuthResponse(STORKAuthnRequest authnRequest) { + container.setRemoteAddress(httpReq.getRemoteAddr()); - StartAuthResponse authResponse = new StartAuthResponse(500, null, new HashMap<String, String>()); - if (authnRequest.getSPID() != null) { - Logger.debug("SP id: " + authnRequest.getSPID()); + Logger.debug("Data container prepared"); + + return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); + + } } else { - SpInstitution spInstitution = (SpInstitution)authnRequest.getExtensions().getUnknownXMLObjects(SpInstitution.DEFAULT_ELEMENT_NAME).get(0); - Logger.debug("SP institution: " + spInstitution.getValue()); + Logger.error("Could not recognize request."); + throw new MOAIDException("stork.15", null); } - Logger.debug("SPEPS issuer: " + authnRequest.getIssuer().getValue()); - Logger.debug("SPEPS Consumer URL: " + authnRequest.getAssertionConsumerServiceURL()); + return null; + } + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + return true; + } - try { + private void iterate(NamedNodeMap attributesList) { + for (int j = 0; j < attributesList.getLength(); j++) { + Logger.debug("--Attribute: " + + attributesList.item(j).getNodeName() + " = " + + attributesList.item(j).getNodeValue()); + } + } - initVelocityEngine(); - VelocityContext velocityContext = new VelocityContext(); - velocityContext.put("action", authnRequest.getDestination()); - if 
(authnRequest.getDOM() == null) { - SAMLUtil.marshallMessage(authnRequest); + // does nothing + public void mandate(AuthenticationSession moasession) { + + if (moasession.getUseMandate()) { + try { + MISMandate mandate = moasession.getMISMandate(); + String owbpk = mandate.getOWbPK(); + byte[] mand = mandate.getMandate(); + String profprep = mandate.getProfRep(); + //String textdesc = mandate.getTextualDescriptionOfOID(); + Element mndt = moasession.getMandate(); + + iterate(mndt.getAttributes()); + Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); + } catch (Exception x) { + Logger.debug("There is no mandate used in transaction"); } + } - String messageXML = XMLHelper.nodeToString(authnRequest.getDOM()); - String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES); - velocityContext.put("SAMLRequest", encodedMessage); - ByteArrayOutputStream outStream = new ByteArrayOutputStream(); - Writer out = new OutputStreamWriter(outStream, "UTF-8"); - velocityEngine.mergeTemplate("/templates/saml2-post-binding.vm", "UTF-8", velocityContext, out); - out.flush(); - authResponse.setContent(outStream.toByteArray()); + } + + public PersonalAttributeList populateAttributes() { - authResponse.addHeader("Content-Type", "text/html; charset=utf-8"); - authResponse.addHeader("Cache-Control", "no-cache"); - authResponse.setHttpStatusCode(200); + IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList(); + Logger.info("Found " + attrLst.size() + " personal attributes in the request."); + // Define attribute list to be populated + PersonalAttributeList attributeList = new PersonalAttributeList(); + MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest); + + try { + for (PersonalAttribute personalAttribute : attrLst) { + Logger.debug("Personal attribute found in request: " + 
personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired()); + moaAttributeProvider.populateAttribute(attributeList, personalAttribute); + } } catch (Exception e) { - Logger.error("ERROR"); + Logger.error("Exception, attributes: " + e.getMessage()); } + Logger.debug("AUTHBLOCK " + moaSession.getAuthBlock()); + Logger.debug("TARGET " + moaSession.getTarget() + " " + moaSession.getTargetFriendlyName()); + Logger.debug("SESSION IDENTIFIER " + moaSession.getCcc() + " " + moaSession.getDomainIdentifier()); + Logger.debug("AUTHBLOCKTOKKEN" + moaSession.getAuthBlockTokken()); - return authResponse; + return attributeList; } - */ - public String getDefaultActionName() { return STORKProtocol.AUTHENTICATIONREQUEST; } |
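Review bot: `processRequest` keeps the per-request `moasession` and `req` in the instance fields `this.moaSession` and `this.moaStorkRequest`, which `populateAttributes()` later reads; if this `IAction` is created once and reused by the dispatcher (not visible here), two concurrent requests can populate each other's identity-link attributes, so pass both as parameters (`populateAttributes(moasession, moaStorkRequest)`) and drop the fields. A `MOASTORKRequest` that is neither an attribute query nor an authentication request falls past the inner `if`/`else if` to the final `return null;` without any error, so add `else { throw new MOAIDException("stork.15", null); }` after the `isAuthnRequest()` branch to reuse the existing "Could not recognize request" handling. The debug lines at the end of `populateAttributes()` and in `mandate()` write the auth-block token, the CCC/domain identifier and the full Base64-encoded mandate to the log; these are credentials and personal data, so log at most their presence or length. The `catch (Exception e)` in `populateAttributes()` logs only `e.getMessage()` and then returns a partial attribute list, silently producing an incomplete response; rethrow as `throw new MOAIDException("stork.15", null, e)` (or whichever message key fits) with `e` as the cause. The attribute-query branch also leaves the eligibility `TODO` unresolved and its `attrResponse` and `personalAttributeList` locals unused, which should be removed or acted on before this path is exposed.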