aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java219
1 files changed, 113 insertions, 106 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 1f6ffaa9a..18d0b479e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -1,161 +1,168 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
-import org.apache.velocity.VelocityContext;
+import eu.stork.peps.auth.commons.*;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
-import org.opensaml.xml.util.Base64;
-import org.opensaml.xml.util.XMLHelper;
-import javax.servlet.ServletOutputStream;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-import java.io.Writer;
-import java.util.HashMap;
-import eu.stork.peps.auth.engine.SAMLEngine;
+
/**
+ * Second request step - after authentication of the user is done and moasession obtained,
+ * process request and forward the user further to PEPS and/or other entities
+ *
* @author bsuzic
- * Date: 12/3/13, Time: 2:08 PM
*/
public class AuthenticationRequest implements IAction {
- /*
- Second request step - after authentication of the user is done and moasession obtained,
- process request and forward the user further to PEPS and/or other entities
- */
private VelocityEngine velocityEngine;
+ private AuthenticationSession moaSession = null;
+ private MOASTORKRequest moaStorkRequest = null;
public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
- Logger.debug("Starting AuthenticationRequest");
- //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession);
- Logger.debug("Http Response: " + httpResp.toString() + ", ");
- Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget());
- httpResp.reset();
- //httpResp.addHeader("Location", "http:/www.google.com");
- if (req instanceof STORKAuthnRequestDEL) {
- /*
- Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel());
- StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest());
-
- HttpSession httpSession = httpReq.getSession();
- httpSession.setAttribute("STORKSessionID", "12345");
- httpResp.setStatus(startAuthResponse.getHttpStatusCode());
- try {
- ServletOutputStream os = httpResp.getOutputStream();
- String html = new String(startAuthResponse.getContent());
-
-
- if (html.contains("<![CDATA[")) {
- Logger.info("-------- content contains <![CDATA[-----------------");
- Logger.info("-------- content contains html -----------------");
- Logger.info("HTML : " + html);
- int beginIndex = html.indexOf("<![CDATA[");
- int endIndex = html.indexOf("]]>");
- html = html.substring(beginIndex + 9, endIndex);
- startAuthResponse.setContent(html.getBytes());
- }
- Logger.info("HTML : " + html);
- os.write(startAuthResponse.getContent());
- Logger.info("Response sent to client");
- } catch (IOException e) {
- Logger.error("ERROR MOA");
- throw new MOAIDException("error response sending", new Object[]{});
- }
- //httpSession.setAttribute("CCC", ccc);
+ this.moaSession = moasession;
- */
- }
+ if (req instanceof MOASTORKRequest) {
+ this.moaStorkRequest = (MOASTORKRequest) req;
- //httpResp.setStatus(200);
- //VPEPSInboundPostHandler
-
- // create fresh container
- DataContainer container = new DataContainer();
-
- // - fill in the request we extracted above
- container.setRequest(request);
-
- // - fill in the partial response created above
- container.setResponse(response);
-
- // - memorize the target url were we have to return the result
- container.setTarget(target);
-
- // see if we need to fetch further attributes
- return (new AttributeCollector()).processRequest(container);
- }
+ Logger.debug("Entering MOASTORKRequest");
+ httpResp.reset();
- public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
- return true;
- }
+ // check if it is attribute query
+ if (moaStorkRequest.isAttrRequest()) {
+ Logger.debug("Starting AttrQueryRequest");
+ STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse();
+ IPersonalAttributeList personalAttributeList = moaStorkRequest.getStorkAttrQueryRequest().getPersonalAttributeList();
+
+ // TODO Check if this instance is eligible to fetch attributes locally, assuming yes
+
+ return (new AttributeCollector()).processRequest(req, httpReq, httpResp, moasession);
+
+ } else
+ // check if we have authentication request
+ if (moaStorkRequest.isAuthnRequest()) {
+ Logger.debug("Starting AuthenticationRequest");
+
+ STORKAuthnResponse authnResponse = new STORKAuthnResponse();
+ authnResponse.setCountry(moaStorkRequest.getStorkAuthnRequest().getSpCountry());
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+
+ // Get personal attributtes from MOA/IdentityLink
+ authnResponse.setPersonalAttributeList(populateAttributes());
+
+ // Prepare extended attributes
+ Logger.debug("Preparing data container");
+
+ // create fresh container
+ DataContainer container = new DataContainer();
+
+ // - fill in the request we extracted above
+ container.setRequest(moaStorkRequest.getStorkAuthnRequest());
+ // - fill in the partial response created above
+ container.setResponse(authnResponse);
- /*
+ // - memorize the target url were we have to return the result
+ container.setTarget(moaStorkRequest.getStorkAuthnRequest().getAssertionConsumerServiceURL());
- public StartAuthResponse getStartAuthResponse(STORKAuthnRequest authnRequest) {
+ container.setRemoteAddress(httpReq.getRemoteAddr());
- StartAuthResponse authResponse = new StartAuthResponse(500, null, new HashMap<String, String>());
- if (authnRequest.getSPID() != null) {
- Logger.debug("SP id: " + authnRequest.getSPID());
+ Logger.debug("Data container prepared");
+
+ return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);
+
+ }
} else {
- SpInstitution spInstitution = (SpInstitution)authnRequest.getExtensions().getUnknownXMLObjects(SpInstitution.DEFAULT_ELEMENT_NAME).get(0);
- Logger.debug("SP institution: " + spInstitution.getValue());
+ Logger.error("Could not recognize request.");
+ throw new MOAIDException("stork.15", null);
}
- Logger.debug("SPEPS issuer: " + authnRequest.getIssuer().getValue());
- Logger.debug("SPEPS Consumer URL: " + authnRequest.getAssertionConsumerServiceURL());
+ return null;
+ }
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ return true;
+ }
- try {
+ private void iterate(NamedNodeMap attributesList) {
+ for (int j = 0; j < attributesList.getLength(); j++) {
+ Logger.debug("--Attribute: "
+ + attributesList.item(j).getNodeName() + " = "
+ + attributesList.item(j).getNodeValue());
+ }
+ }
- initVelocityEngine();
- VelocityContext velocityContext = new VelocityContext();
- velocityContext.put("action", authnRequest.getDestination());
- if (authnRequest.getDOM() == null) {
- SAMLUtil.marshallMessage(authnRequest);
+ // does nothing
+ public void mandate(AuthenticationSession moasession) {
+
+ if (moasession.getUseMandate()) {
+ try {
+ MISMandate mandate = moasession.getMISMandate();
+ String owbpk = mandate.getOWbPK();
+ byte[] mand = mandate.getMandate();
+ String profprep = mandate.getProfRep();
+ //String textdesc = mandate.getTextualDescriptionOfOID();
+ Element mndt = moasession.getMandate();
+
+ iterate(mndt.getAttributes());
+ Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
+ } catch (Exception x) {
+ Logger.debug("There is no mandate used in transaction");
}
+ }
- String messageXML = XMLHelper.nodeToString(authnRequest.getDOM());
- String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES);
- velocityContext.put("SAMLRequest", encodedMessage);
- ByteArrayOutputStream outStream = new ByteArrayOutputStream();
- Writer out = new OutputStreamWriter(outStream, "UTF-8");
- velocityEngine.mergeTemplate("/templates/saml2-post-binding.vm", "UTF-8", velocityContext, out);
- out.flush();
- authResponse.setContent(outStream.toByteArray());
+ }
+
+ public PersonalAttributeList populateAttributes() {
- authResponse.addHeader("Content-Type", "text/html; charset=utf-8");
- authResponse.addHeader("Cache-Control", "no-cache");
- authResponse.setHttpStatusCode(200);
+ IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList();
+ Logger.info("Found " + attrLst.size() + " personal attributes in the request.");
+ // Define attribute list to be populated
+ PersonalAttributeList attributeList = new PersonalAttributeList();
+ MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest);
+
+ try {
+ for (PersonalAttribute personalAttribute : attrLst) {
+ Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());
+ moaAttributeProvider.populateAttribute(attributeList, personalAttribute);
+ }
} catch (Exception e) {
- Logger.error("ERROR");
+ Logger.error("Exception, attributes: " + e.getMessage());
}
+ Logger.debug("AUTHBLOCK " + moaSession.getAuthBlock());
+ Logger.debug("TARGET " + moaSession.getTarget() + " " + moaSession.getTargetFriendlyName());
+ Logger.debug("SESSION IDENTIFIER " + moaSession.getCcc() + " " + moaSession.getDomainIdentifier());
+ Logger.debug("AUTHBLOCKTOKKEN" + moaSession.getAuthBlockTokken());
- return authResponse;
+ return attributeList;
}
- */
-
public String getDefaultActionName() {
return STORKProtocol.AUTHENTICATIONREQUEST;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-12 04:51:20 +0000