diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2')
15 files changed, 616 insertions, 371 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 2056ddf08..0317322ee 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -1,5 +1,9 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import java.io.StringWriter; +import java.util.ArrayList; +import java.util.List; + import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -12,12 +16,11 @@ import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import eu.stork.peps.auth.commons.STORKAuthnResponse; +import eu.stork.peps.auth.commons.PersonalAttributeList; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; -import org.apache.commons.io.IOUtils; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; @@ -25,18 +28,13 @@ import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import java.io.IOException; -import java.io.StringWriter; -import java.util.ArrayList; -import java.util.List; /** * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins. * The class is called whenever the {@link AuthenticationRequest} Action is invoked and checks for missing attributes. * Furthermore, the class can handle direct posts. That is when the class triggers an attribute query which needs user * interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes. - * <p/> + * * TODO how do we treat mandatory and optional attributes? */ public class AttributeCollector implements IAction { @@ -45,19 +43,24 @@ public class AttributeCollector implements IAction { * The Constant ARTIFACT_ID. */ private static final String ARTIFACT_ID = "artifactId"; - private DataContainer container; - private HttpServletResponse httpResp; - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) */ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { - this.httpResp = httpResp; + // - fetch the container + String artifactId = (String) httpReq.getParameter(ARTIFACT_ID); + DataContainer container; + try { + container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); + } catch (MOADatabaseException e) { + Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); + throw new MOAIDException("stork.11", null); + } // read configuration parameters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL()); if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); @@ -66,35 +69,22 @@ public class AttributeCollector implements IAction { for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) try { newAttributes = current.parse(httpReq); + + // stop as soon as we hit a capable plugin + break; } catch (UnsupportedAttributeException e1) { // the current provider cannot find anything familiar within the // provided httpreq. Try the next one. - // TODO check the loop } if (null == newAttributes) { // we do not have a provider which is capable of fetching something // from the received httpreq. - // TODO should we continue with the next attribute? Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); - throw new MOAIDException("stork.11", null); - } - - // - fetch the container - String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); - DataContainer container; - try { - container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); - } catch (MOADatabaseException e) { - Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); - throw new MOAIDException("stork.11", null); } - - // - insert the embedded attribute(s) into the container - for (PersonalAttribute current : newAttributes) - container.getResponse().getPersonalAttributeList().add(current); + addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes); // see if we need some more attributes return processRequest(container, httpReq, httpResp, moasession, oaParam); @@ -110,8 +100,6 @@ public class AttributeCollector implements IAction { */ public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { // check if there are attributes we need to fetch - this.httpResp = response; - this.container = container; IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); @@ -124,33 +112,42 @@ public class AttributeCollector implements IAction { try { // for each attribute still missing for (PersonalAttribute currentAttribute : missingAttributes) { - // - check if we can find a suitable AttributeProvider Plugin + + /* + * prefill attributes with "notAvailable". If we get them later, we override the value and status. + * This way, there is no error case in which an attribute is left unanswered. + */ + IPersonalAttributeList aquiredAttributes = new PersonalAttributeList(); + currentAttribute.setStatus("notAvailable"); + addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes); + + // - check if we can find a suitable AttributeProvider Plugin for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { try { // - hand over control to the suitable plugin - IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); - - // - add the aquired attribute to the container - for (PersonalAttribute current : aquiredAttributes) - container.getResponse().getPersonalAttributeList().add(current); - //TODO: return after first AP - + aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); + break; } catch (UnsupportedAttributeException e) { // ok, try the next attributeprovider } catch (MOAIDException e) { // the current plugin had an error. Try the next one. - // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop } - } + + // check if we could fetch the attribute + if (null == aquiredAttributes) { + // if not + Logger.error("We have no suitable plugin for obtaining the attribute '" + currentAttribute.getName() + "'"); + } else + // else, update any existing attributes + addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes); } // build response - generateSTORKResponse(); + generateSTORKResponse(container); // set new http response - generateRedirectResponse(); - response = httpResp; + generateRedirectResponse(response, container); return "12345"; // AssertionId @@ -165,34 +162,37 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); - - - + e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getSpCountry(), request, response, oaParam); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? - Logger.error("Error putting incomplete Stork response into temporary storage", e); + Logger.error("Error putting incomplete Stork response into temporary storage", e1); throw new MOAIDException("stork.11", null); } return "12345"; // TODO what to do here? } - - } - - private void generateSTORKResponse() throws MOAIDException { - STORKAuthnResponse authnResponse = container.getResponse(); - STORKAuthnRequest authnRequest = container.getRequest(); + /** + * generates binary response from given response class. + * + * @param container the container + * @throws MOAIDException the mOAID exception + */ + private void generateSTORKResponse(DataContainer container) throws MOAIDException { + MOASTORKRequest request = container.getRequest(); + MOASTORKResponse response = container.getResponse(); try { //Get SAMLEngine instance STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); Logger.debug("Starting generation of SAML response"); - authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false); - + if(response.isAuthnResponse()) + response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false)); + else + response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false)); + //generateSAML Token Logger.info("SAML response succesfully generated!"); } catch (STORKSAMLEngineException e) { @@ -201,36 +201,32 @@ public class AttributeCollector implements IAction { } Logger.info("STORK SAML Response message succesfully generated "); - String statusCodeValue = authnResponse.getStatusCode(); - - try { - Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); - Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works - Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); - - } catch (IOException e) { - e.printStackTrace(); - } - - container.setResponse(authnResponse); - } - - private void generateRedirectResponse() { - STORKAuthnResponse authnResponse = container.getResponse(); - STORKAuthnRequest authnRequest = container.getRequest(); - + /** + * writes the storkresponse to the httpresponse using the velocity engine. + * + * @param httpResp the http resp + * @param container the container + */ + private void generateRedirectResponse(HttpServletResponse httpResp, DataContainer container) { + MOASTORKResponse authnResponse = container.getResponse(); + MOASTORKRequest authnRequest = container.getRequest(); // preparing redirection for the client - try { VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); VelocityContext context = new VelocityContext(); + + byte[] blob; + if(authnRequest.isAttrRequest()) + blob = authnResponse.getStorkAttrQueryResponse().getTokenSaml(); + else + blob = authnResponse.getStorkAuthnResponse().getTokenSaml(); - context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); - Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob)); + Logger.debug("SAMLResponse original: " + new String(blob)); Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL()); context.put("action", authnRequest.getAssertionConsumerServiceURL()); @@ -244,25 +240,36 @@ public class AttributeCollector implements IAction { Logger.debug("Sending html content: " + writer.getBuffer().toString()); Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); - httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); } catch (Exception e) { Logger.error("Velocity error: " + e.getMessage()); } - - //HttpSession httpSession = this.httpResp.getSession(); - //httpSession.setAttribute("STORKSessionID", "12345"); - //Logger.info("Status code again: " + authnResponse.getStatusCode()); - - //return "12345"; // AssertionId } + + /** + * Adds or updates all {@link PersonalAttribute} objects given in {@code source} to/in {@code target}. + * + * @param target the target + * @param source the source + */ + private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) { + for (PersonalAttribute current : source) { + // check if we need to update the current pa + if (target.containsKey(current.getName())) { + target.get(current.getName()).setStatus(current.getStatus()); + target.get(current.getName()).setValue(current.getValue()); + target.get(current.getName()).setComplexValue(current.getComplexValue()); + } else + target.add(current); + } + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { - // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action. + // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action. return false; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index 59376fef6..d92b0b72f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -34,13 +34,13 @@ public interface AttributeProvider { * Perform redirect. * * @param url the return URL ending with ?artifactId=... - * @param citizenCountyCode the citizen county code + * @param spCountyCode the sp county code * @param req the request we got from the S-PEPS and for which we have to ask our APs * @param resp the response to the preceding request * @param oaParam the oa param - * @throws MOAIDException + * @throws MOAIDException the mOAID exception */ - public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException; + public void performRedirect(String url, String spCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException; /** * Parses the response we got from the external attribute provider. @@ -52,4 +52,5 @@ public interface AttributeProvider { */ public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException; + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index 97bb6f480..538e59401 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -1,10 +1,10 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; + import java.util.ArrayList; import java.util.List; -import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; - /** * A factory for creating AttributeProvider objects. */ @@ -19,10 +19,12 @@ public class AttributeProviderFactory { List<String> result = new ArrayList<String>(); result.add("StorkAttributeRequestProvider"); result.add("EHvdAttributeProvider"); - result.add("SignedDocAttributeRequestProvider"); + result.add("SignedDocAttributeRequestProvider"); + result.add("MISAttributeProvider"); - return result; - } + + return result; + } /** * Creates an AttributeProvider object for the given shortname. Returns @@ -37,26 +39,28 @@ public class AttributeProviderFactory { return new StorkAttributeRequestProvider(url); } else if(shortname.equals("EHvdAttributeProvider")) { return new EHvdAttributeProviderPlugin(url); - } else if(shortname.equals("SignedDocAttributeRequestProvider")) { - return new SignedDocAttributeRequestProvider(url); - } else { + } else if(shortname.equals("SignedDocAttributeRequestProvider")) { + return new SignedDocAttributeRequestProvider(url); + } else if (shortname.equals("MISAttributeProvider")) { + return new MISAttributeProvider(url); + } else { return null; } } - /** - * Gets fresh instances of the configured plugins. - * - * @param configuredAPs the configured a ps - * @return the configured plugins - */ - public static List<AttributeProvider> getConfiguredPlugins( - List<AttributeProviderPlugin> configuredAPs) { - - List<AttributeProvider> result = new ArrayList<AttributeProvider>(); - for(AttributeProviderPlugin current : configuredAPs) - result.add(create(current.getName(), current.getUrl())); - - return result; - } + /** + * Gets fresh instances of the configured plugins. + * + * @param configuredAPs the configured a ps + * @return the configured plugins + */ + public static List<AttributeProvider> getConfiguredPlugins( + List<AttributeProviderPlugin> configuredAPs) { + + List<AttributeProvider> result = new ArrayList<AttributeProvider>(); + for (AttributeProviderPlugin current : configuredAPs) + result.add(create(current.getName(), current.getUrl())); + + return result; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index d4996c26a..619935abe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -3,115 +3,96 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; -import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; -import edu.emory.mathcs.backport.java.util.Collections; import eu.stork.peps.auth.commons.*; -import eu.stork.peps.auth.engine.STORKSAMLEngine; -import eu.stork.peps.exceptions.STORKSAMLEngineException; -import org.apache.commons.io.IOUtils; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; -import org.opensaml.xml.util.Base64; -import org.opensaml.xml.util.XMLHelper; -import javax.servlet.ServletOutputStream; +import org.w3c.dom.Element; +import org.w3c.dom.NamedNodeMap; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import java.io.*; -import java.util.HashMap; -import eu.stork.peps.auth.engine.SAMLEngine; /** + * Second request step - after authentication of the user is done and moasession obtained, + * process request and forward the user further to PEPS and/or other entities + * * @author bsuzic - * Date: 12/3/13, Time: 2:08 PM */ public class AuthenticationRequest implements IAction { - /* - Second request step - after authentication of the user is done and moasession obtained, - process request and forward the user further to PEPS and/or other entities - */ private VelocityEngine velocityEngine; - private AuthenticationSession moaSession; - private MOASTORKAuthnRequest moaStorkAuthnRequest; + private AuthenticationSession moaSession = null; + private MOASTORKRequest moaStorkRequest = null; public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { this.moaSession = moasession; - this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req; - - Logger.debug("Starting AuthenticationRequest"); - //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); - Logger.debug("Http Response: " + httpResp.toString() + ", "); - Logger.debug("Remote user: " + httpReq.getRemoteAddr()); - Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget()); - httpResp.reset(); - - STORKAuthnResponse authnResponse = new STORKAuthnResponse(); - authnResponse.setCountry("AT"); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); + if (req instanceof MOASTORKRequest) { + this.moaStorkRequest = (MOASTORKRequest) req; - // Prepare basic AT attributes - try { - IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); - Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); - + Logger.debug("Entering MOASTORKRequest"); + httpResp.reset(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); - for (PersonalAttribute personalAttribute : moaAttrList) { - Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); - if (personalAttribute.getValue().size() > 0) { - for (String value : personalAttribute.getValue()) { - Logger.info(" Value found: " + value); - } - } + MOASTORKResponse moaStorkResponse = new MOASTORKResponse(); + + // check if it is attribute query + if (moaStorkRequest.isAttrRequest()) { + Logger.debug("Starting AttrQueryRequest"); + + moaStorkResponse.setSTORKAttrResponse(new STORKAttrQueryResponse()); } + // check if we have authentication request + else if (moaStorkRequest.isAuthnRequest()) { + Logger.debug("Starting AuthenticationRequest"); - } catch (Exception e) { - Logger.error("Exception, attributes: " + e.getMessage()); - } + moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse()); + // Get personal attributtes from MOA/IdentityLink + moaStorkResponse.setPersonalAttributeList(populateAttributes()); + } + + moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); - // Get personal attributtes from MOA/IdentityLink - authnResponse.setPersonalAttributeList(populateAttributes()); + // Prepare extended attributes + Logger.debug("Preparing data container"); - // Prepare extended attributes - Logger.debug("Preparing data container"); + // create fresh container + DataContainer container = new DataContainer(); - // create fresh container - DataContainer container = new DataContainer(); + // - fill in the request we extracted above + container.setRequest(moaStorkRequest); - // - fill in the request we extracted above - container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest()); - - // - fill in the partial response created above - container.setResponse(authnResponse); - - // - memorize the target url were we have to return the result - container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + // - fill in the partial response created above + container.setResponse(moaStorkResponse); - container.setRemoteAddress(httpReq.getRemoteAddr()); + // - memorize the target url were we have to return the result + container.setTarget(moaStorkRequest.getAssertionConsumerServiceURL()); + container.setRemoteAddress(httpReq.getRemoteAddr()); - Logger.debug("Data container prepared"); - return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); + Logger.debug("Data container prepared"); + return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); + } else { + Logger.error("Could not recognize request."); + throw new MOAIDException("stork.15", null); + } } public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { @@ -119,21 +100,52 @@ public class AuthenticationRequest implements IAction { } + private void iterate(NamedNodeMap attributesList) { + for (int j = 0; j < attributesList.getLength(); j++) { + Logger.debug("--Attribute: " + + attributesList.item(j).getNodeName() + " = " + + attributesList.item(j).getNodeValue()); + } + } + + + // does nothing + public void mandate(AuthenticationSession moasession) { + + if (moasession.getUseMandate()) { + try { + MISMandate mandate = moasession.getMISMandate(); + String owbpk = mandate.getOWbPK(); + byte[] mand = mandate.getMandate(); + String profprep = mandate.getProfRep(); + //String textdesc = mandate.getTextualDescriptionOfOID(); + Element mndt = moasession.getMandate(); + + iterate(mndt.getAttributes()); + Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); + } catch (Exception x) { + Logger.debug("There is no mandate used in transaction"); + } + } + + + } + public PersonalAttributeList populateAttributes() { - IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList(); - Logger.info("Found " + attrLst.size() + " personal attributes in the request." ); + IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList(); + Logger.info("Found " + attrLst.size() + " personal attributes in the request."); // Define attribute list to be populated PersonalAttributeList attributeList = new PersonalAttributeList(); - MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink()); + MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest); try { for (PersonalAttribute personalAttribute : attrLst) { Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired()); moaAttributeProvider.populateAttribute(attributeList, personalAttribute); } - } catch (Exception e) { + } catch (Exception e) { Logger.error("Exception, attributes: " + e.getMessage()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java index 44ad0000a..74239318b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java @@ -2,10 +2,6 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.io.Serializable; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import eu.stork.peps.auth.commons.STORKAuthnResponse; - -// TODO: Auto-generated Javadoc /** * Holds info about an ongoing but yet incomplete stork authnrequest process. */ @@ -15,31 +11,33 @@ public class DataContainer implements Serializable { private static final long serialVersionUID = -8765997480582363012L; /** The incoming request. */ - private STORKAuthnRequest request; + private MOASTORKRequest request; /** The yet incomplete response. */ - private STORKAuthnResponse response; + private MOASTORKResponse response; /** The target. */ private String target; - private String remoteAddress; - - /** + + /** The remote address. */ + private String remoteAddress; + + /** * Gets the request. * * @return the request */ - public STORKAuthnRequest getRequest() { + public MOASTORKRequest getRequest() { return request; } /** * Sets the request. * - * @param request the new request + * @param moaStorkRequest the new request */ - public void setRequest(STORKAuthnRequest request) { - this.request = request; + public void setRequest(MOASTORKRequest moaStorkRequest) { + this.request = moaStorkRequest; } /** @@ -47,17 +45,17 @@ public class DataContainer implements Serializable { * * @return the response */ - public STORKAuthnResponse getResponse() { + public MOASTORKResponse getResponse() { return response; } /** * Sets the response. * - * @param response the new response + * @param moaStorkResponse the new response */ - public void setResponse(STORKAuthnResponse response) { - this.response = response; + public void setResponse(MOASTORKResponse moaStorkResponse) { + this.response = moaStorkResponse; } /** @@ -77,13 +75,22 @@ public class DataContainer implements Serializable { public void setTarget(String target) { this.target = target; } - - /* - Sets IP address - */ - public void setRemoteAddress(String address) { this.remoteAddress = address; } - public String getRemoteAddress() { - return this.remoteAddress; - } - + + /** + * Gets the remote address. + * + * @return the remote address + */ + public String getRemoteAddress() { + return remoteAddress; + } + + /** + * Sets the remote address. + * + * @param remoteAddress the new remote address + */ + public void setRemoteAddress(String remoteAddress) { + this.remoteAddress = remoteAddress; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 758b70f2d..d387bfcea 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -8,6 +8,7 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.soap.MessageFactory; import javax.xml.soap.SOAPBody; @@ -27,6 +28,7 @@ import javax.xml.transform.stream.StreamResult; import org.w3c.dom.Document; import org.w3c.dom.Element; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -60,7 +62,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { ExternalAttributeRequestRequiredException, MOAIDException { // break when we cannot handle the requested attribute - if(!attributes.getFriendlyName().equals("isHCP")) + if(!attributes.getName().equals("isHealthCareProfessional")) throw new UnsupportedAttributeException(); try { @@ -94,8 +96,9 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { // SOAP Body SOAPBody requestBody = envelope.getBody(); SOAPElement requestBodyElem = requestBody.addChildElement("IsHealthcareProfessional"); + requestBodyElem.addAttribute(new QName("xmlns"), "http://gesundheit.gv.at/BAGDAD/DataAccessService"); SOAPElement requestBodyElem1 = requestBodyElem.addChildElement("bPK"); - requestBodyElem1.addTextNode(moasession.getIdentityLink().getIdentificationValue()); + requestBodyElem1.addTextNode(new BPKBuilder().buildBPK(moasession.getIdentityLink().getIdentificationValue(), "GH")); requestMessage.saveChanges(); @@ -153,26 +156,34 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { if (collection.get("IsHealthcareProfessional").equals("false")) { // the citizen is no HCP - acquiredAttribute = new PersonalAttribute("isHCP", false, new ArrayList<String>(), "NotAvailable"); + acquiredAttribute = new PersonalAttribute("isHealthCareProfessional", false, new ArrayList<String>(), "NotAvailable"); } else { // go on and parse the data Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); + + // create the root element + Element root = doc.createElement("isHealthCareProfessional"); + doc.appendChild(root); Element orgname = doc.createElement("nameOfOrganisation"); - orgname.appendChild(doc.createTextNode(collection.get("NameOfOrganization"))); - doc.appendChild(orgname); + orgname.appendChild(doc.createTextNode(collection.get("NameOfOrganisation"))); + root.appendChild(orgname); Element type = doc.createElement("HCP"); // TODO fix value mapping - if (collection.get("Type").equals("Medical Doctors")) + if (collection.get("Type").equals("Medical doctor")) type.appendChild(doc.createTextNode("D")); - doc.appendChild(type); + root.appendChild(type); Element specialization = doc.createElement("specialisation"); - // TODO fix value mapping - specialization.appendChild(doc.createTextNode(collection.get("Specialization").substring(0, 2))); - doc.appendChild(specialization); + if (collection.get("Specialization").contains("Arzt für Allgemeinmedizin")) + specialization.appendChild(doc.createTextNode("GP")); + root.appendChild(specialization); + + Element aqaa = doc.createElement("AQAA"); + aqaa.appendChild(doc.createTextNode("4")); + root.appendChild(aqaa); // get string from dom tree Source source = new DOMSource(doc); @@ -186,12 +197,18 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { ArrayList<String> value = new ArrayList<String>(); value.add(out.toString()); - acquiredAttribute = new PersonalAttribute("isHCP", false, value, "Available"); + acquiredAttribute = new PersonalAttribute("isHealthCareProfessional", false, value, "Available"); } // pack and return the result PersonalAttributeList result = new PersonalAttributeList(); result.add(acquiredAttribute); + + // add stork id for verification + ArrayList<String> value = new ArrayList<String>(); + value.add(new BPKBuilder().buildStorkbPK(moasession.getIdentityLink().getIdentificationValue(), "IT")); + result.add(new PersonalAttribute("eIdentifier", false, value, "Available")); + return result; } catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java index 29b09487b..56f31723c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java @@ -1,12 +1,27 @@ package at.gv.egovernment.moa.id.protocols.stork2; public class ExternalAttributeRequestRequiredException extends Exception { + + /** The Constant serialVersionUID. */ + private static final long serialVersionUID = 5207631348933518908L; + + /** The ap. */ private AttributeProvider ap; + /** + * Instantiates a new external attribute request required exception. + * + * @param provider the provider + */ public ExternalAttributeRequestRequiredException(AttributeProvider provider) { ap = provider; } + /** + * Gets the ap. + * + * @return the ap + */ public AttributeProvider getAp() { return ap; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java new file mode 100644 index 000000000..ec38db513 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java @@ -0,0 +1,47 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Implements Attribute Provider for Mandates + */ +public class MISAttributeProvider implements AttributeProvider { + + String url = null; + + public MISAttributeProvider(String url) { + this.url = url; + } + + public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + Logger.error("Entering MIS for attribute: " + attributes.getName()); + + if (attributes.getName().equals("residencePermit")) { + Logger.error("MIS EXCEPTION: " + attributes.getName()); + //throw new ExternalAttributeRequestRequiredException(this); + } + + return null; // + } + + public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { + Logger.error("Entering MIS redirect for attribute: " ); + + } + + public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { + return null; // + } + + public String getName() { + return "MandateProvider"; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index 414e383fa..d89fb8cb2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -1,6 +1,8 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -20,6 +22,7 @@ public class MOAAttributeProvider { private final IdentityLink identityLink; private static final Map<String, String> storkAttributeSimpleMapping; private static final Map<String, String> storkAttributeFunctionMapping; + private final MOASTORKRequest moastorkRequest; static { Map<String, String> tempSimpleMap = new HashMap<String, String>(); @@ -32,8 +35,9 @@ public class MOAAttributeProvider { storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap); } - public MOAAttributeProvider(IdentityLink identityLink) { + public MOAAttributeProvider(IdentityLink identityLink, MOASTORKRequest moastorkRequest) { this.identityLink = identityLink; + this.moastorkRequest = moastorkRequest; Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue()); } @@ -66,9 +70,16 @@ public class MOAAttributeProvider { } private String geteIdentifier() { - return "askdlaskdlaskdsds"; + Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry()); + try { + return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkRequest.getStorkAuthnRequest().getSpCountry()); + } catch (BuildException be) { + Logger.error("Stork eid could not be constructed; " + be.getMessage()); + return null; // TODO error + } } + private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) { try { String attributeValue = method.invoke(object, new Class[]{}).toString(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java deleted file mode 100644 index 8c9e288e3..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java +++ /dev/null @@ -1,76 +0,0 @@ -package at.gv.egovernment.moa.id.protocols.stork2; - -import java.io.Serializable; - -import at.gv.egovernment.moa.id.moduls.IRequest; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import org.opensaml.common.xml.SAMLConstants; - -/** - * @author bsuzic - * Date: 12/4/13, Time: 6:31 PM - */ - -public class MOASTORKAuthnRequest implements IRequest, Serializable { - private static final long serialVersionUID = 1L; - - - private String requestID; - private String target = null; - String module = null; - String action = null; - private STORKAuthnRequest storkAuthnRequest; - - public void setSTORKAuthnRequest(STORKAuthnRequest request) { - this.storkAuthnRequest = request; - } - - public STORKAuthnRequest getStorkAuthnRequest() { - return this.storkAuthnRequest; - } - - public String getOAURL() { - - return "https://sp:8889/SP"; // - } - - public boolean isPassiv() { - return false; // - } - - public boolean forceAuth() { - return false; // - } - - public boolean isSSOSupported() { - return false; // - } - - public String requestedModule() { - return this.module; // - } - - public String requestedAction() { - return action; // - } - - public void setModule(String module) { - this.module = module; - } - - public void setAction(String action) { - this.action = action; - } - - public String getTarget() { - return this.target; // - } - - public void setRequestID(String id) { - this.requestID = id; - } - - public String getRequestID() { - return this.requestID; // - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java new file mode 100644 index 000000000..e95cfabe2 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -0,0 +1,130 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.io.Serializable; + +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAttrQueryRequest; +import eu.stork.peps.auth.commons.STORKAuthnRequest; + +/** + * Implements MOA request and stores StorkAuthn/Attr-Request related data + * + * @author bsuzic + */ + +public class MOASTORKRequest implements IRequest, Serializable { + private static final long serialVersionUID = 4581953368724501376L; + private String requestID; + private String target = null; + String module = null; + String action = null; + private STORKAuthnRequest storkAuthnRequest; + private STORKAttrQueryRequest storkAttrQueryRequest; + private boolean isAttrRequest = false; + private boolean isAuthnRequest = false; + + public void setSTORKAuthnRequest(STORKAuthnRequest request) { + this.storkAuthnRequest = request; + if (request != null) { + isAuthnRequest = true; + } + } + + public void setSTORKAttrRequest(STORKAttrQueryRequest request) { + this.storkAttrQueryRequest = request; + if (request != null) { + isAttrRequest = true; + } + } + + public boolean isAttrRequest() { + return this.isAttrRequest; + } + + public boolean isAuthnRequest() { + return this.isAuthnRequest; + } + + + public STORKAuthnRequest getStorkAuthnRequest() { + return this.storkAuthnRequest; + } + + public STORKAttrQueryRequest getStorkAttrQueryRequest() { + return this.storkAttrQueryRequest; + } + + public String getOAURL() { // TODO CHECK IT + if (isAuthnRequest) + return storkAuthnRequest.getAssertionConsumerServiceURL(); + else if (isAttrRequest) + return storkAttrQueryRequest.getAssertionConsumerServiceURL(); + else { + Logger.error("There is no authentication or attribute request contained in MOASTORKRequest."); + return null; + } + } + + public boolean isPassiv() { + return false; + } + + public boolean forceAuth() { + return false; + } + + public boolean isSSOSupported() { + return false; + } + + public String requestedModule() { + return this.module; + } + + public String requestedAction() { + return action; + } + + public void setModule(String module) { + this.module = module; + } + + public void setAction(String action) { + this.action = action; + } + + public String getTarget() { + return this.target; + } + + public void setRequestID(String id) { + this.requestID = id; + } + + public String getRequestID() { + return this.requestID; + } + + public IPersonalAttributeList getPersonalAttributeList() { + if(isAttrRequest()) + return this.storkAttrQueryRequest.getPersonalAttributeList(); + else + return this.storkAuthnRequest.getPersonalAttributeList(); + } + + public String getSpCountry() { + if(isAttrRequest()) + return this.storkAttrQueryRequest.getSpCountry(); + else + return this.storkAuthnRequest.getSpCountry(); + } + + public String getAssertionConsumerServiceURL() { + if(isAttrRequest()) + return this.storkAttrQueryRequest.getAssertionConsumerServiceURL(); + else + return this.storkAuthnRequest.getAssertionConsumerServiceURL(); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java new file mode 100644 index 000000000..36f5a80b4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java @@ -0,0 +1,75 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.io.Serializable; + +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAttrQueryResponse; +import eu.stork.peps.auth.commons.STORKAuthnResponse; + +/** + * Implements MOA request and stores StorkAuthn/Attr-Request related data + * + * @author bsuzic + */ + +public class MOASTORKResponse implements Serializable { + private static final long serialVersionUID = -5798803155055518747L; + private STORKAuthnResponse storkAuthnRequest; + private STORKAttrQueryResponse storkAttrQueryRequest; + private boolean isAttrRequest = false; + private boolean isAuthnRequest = false; + + public void setSTORKAuthnResponse(STORKAuthnResponse request) { + this.storkAuthnRequest = request; + if (request != null) { + isAuthnRequest = true; + } + } + + public void setSTORKAttrResponse(STORKAttrQueryResponse request) { + this.storkAttrQueryRequest = request; + if (request != null) { + isAttrRequest = true; + } + } + + public boolean isAttrResponse() { + return this.isAttrRequest; + } + + public boolean isAuthnResponse() { + return this.isAuthnRequest; + } + + + public STORKAuthnResponse getStorkAuthnResponse() { + return this.storkAuthnRequest; + } + + public STORKAttrQueryResponse getStorkAttrQueryResponse() { + return this.storkAttrQueryRequest; + } + + public IPersonalAttributeList getPersonalAttributeList() { + if(isAttrResponse()) + return this.storkAttrQueryRequest.getPersonalAttributeList(); + else + return this.storkAuthnRequest.getPersonalAttributeList(); + } + + public void setPersonalAttributeList(PersonalAttributeList populateAttributes) { + if(isAttrResponse()) + this.storkAttrQueryRequest.setPersonalAttributeList(populateAttributes); + else + this.storkAuthnRequest.setPersonalAttributeList(populateAttributes); + } + + public void setCountry(String spCountry) { + if(isAttrResponse()) + this.storkAttrQueryRequest.setCountry(spCountry); + else + this.storkAuthnRequest.setCountry(spCountry); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java new file mode 100644 index 000000000..bad711dbb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import com.sun.xml.ws.security.trust.WSTrustConstants; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Processes mandate data after authentication is done in AT + * @author bsuzic + */ +public class MandateRetrievalRequest implements IAction { + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + return null; // + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + return true; + } + + public String getDefaultActionName() { + return STORKProtocol.MANDATERETRIEVALREQUEST; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 34f953514..a361d5f67 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -5,27 +5,23 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; import at.gv.egovernment.moa.logging.Logger; -import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.*; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.ws.transport.http.HTTPInTransport; import org.opensaml.ws.transport.http.HTTPOutTransport; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; -import eu.stork.peps.auth.commons.STORKAuthnRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import java.util.Collections; import java.util.HashMap; /** * Stork 2 Protocol Support - * Date: 11/29/13, Time: 12:32 PM + * * @author bsuzic */ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { @@ -34,7 +30,8 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { public static final String PATH = "id_stork2"; public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; - public static final String ATTRIBUTE_COLLECTOR = "AttributeCollector"; + public static final String ATTRIBUTE_COLLECTOR = "AttributeCollector"; + public static final String MANDATERETRIEVALREQUEST = "MandateRetrievalRequest"; private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); @@ -62,7 +59,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { } public STORKProtocol() { - super(); // + super(); } /* @@ -71,90 +68,60 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { */ public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { Logger.debug("Starting preprocessing"); - Logger.debug("Got request: " + request.toString()); Logger.debug("Request method: " + request.getMethod()); - for (Object o : Collections.list(request.getHeaderNames())) { - Logger.debug("Request header: " + o.toString() + ":::" + request.getHeader(o.toString())); - } - for (Object o : Collections.list(request.getParameterNames())) { - Logger.debug("Request parameter: " + o.toString() + "::::" + request.getParameter(o.toString())); - } - Logger.debug("Request content length: " + request.getContentLength()); - Logger.debug("Request query: " + request.getQueryString()); - Logger.debug("Response: " + response.toString()); - Logger.debug("Action: " + action); + Logger.debug("Initiating action: " + action); - Logger.debug("Processing saml request"); - String SAMLRequest = request.getParameter("SAMLRequest"); + MOASTORKRequest STORK2Request = new MOASTORKRequest(); + + if (AttributeCollector.class.getSimpleName().equals(action)) + return STORK2Request; HTTPInTransport profileReq = new HttpServletRequestAdapter(request); HTTPOutTransport profileResp = new HttpServletResponseAdapter(response, request.isSecure()); - BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); samlMessageContext.setInboundMessageTransport(profileReq); - HTTPPostDecoder postDecoder = new HTTPPostDecoder(); - postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator - - try { - Logger.debug("Attempting to decode request..."); - postDecoder.decode(samlMessageContext); - } catch (Exception e) { - Logger.error("Error decoding STORKAuthnRequest", e); - } - /* - - STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage(); - //MOASTORKAuthnRequest STORK2Request = (MOASTORKAuthnRequest)samlMessageContext.getInboundSAMLMessage(); - MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest(); - STORK2Request.setSTORKAuthnRequest(ST2Req); - - Logger.debug("STORK2 Citizen code: " + ST2Req.getCitizenCountryCode()); - Logger.debug("STORK2 QAA: " + ST2Req.getQAALevel()); - Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString()); - - */ - //STORKAuthnReq storkAuthnReq = new STORKAuthnReq(); - - - MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest(); - - //extract STORK Response from HTTP Request - //Decodes SAML Response - - byte[] decSamlToken; try { decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest")); - } catch(NullPointerException e) { - Logger.error("Unable to retrieve STORK Response", e); + } catch (NullPointerException e) { + Logger.error("Unable to retrieve STORK Request", e); throw new MOAIDException("stork.04", null); } //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + STORKSAMLEngine authnEngine = STORKSAMLEngine.getInstance("incoming"); + STORKSAMLEngine attrEngine = STORKSAMLEngine.getInstance("incoming_attr"); STORKAuthnRequest authnRequest = null; - Logger.error("decsamltoken" +decSamlToken.toString()); + STORKAttrQueryRequest attrRequest = null; + // check if valid authn request is contained try { - authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); + authnRequest = authnEngine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { - Logger.error("Unable to validate storkrkauthnreqeust" + ex.getMessage() ); + Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } catch(ClassCastException e) { + // we do not have a authnRequest + // check if a valid attr request is container + try { + attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken); + } catch (STORKSAMLEngineException ex) { + Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } } - Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL()); - Logger.error("cc " + authnRequest.getCitizenCountryCode()); - Logger.error("iss " + authnRequest.getIssuer()); - Logger.error("spid " + authnRequest.getSPID()); - Logger.error("spi " + authnRequest.getSpInstitution()); - + // if there is no authn or attr request, raise error + if ((authnRequest == null) && (attrRequest == null)) { + Logger.error("There is no authentication or attribute request contained."); + throw new MOAIDException("stork.14", null); + } STORK2Request.setSTORKAuthnRequest(authnRequest); - + STORK2Request.setSTORKAttrRequest(attrRequest); return STORK2Request; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index 4314e666e..797695a00 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -89,12 +89,11 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) */ - public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { + public void performRedirect(String url, String spCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { String spSector = "Business"; String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; - String spCountry = "AT"; //generate AuthnRquest STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest(); @@ -103,12 +102,13 @@ public class StorkAttributeRequestProvider implements AttributeProvider { attributeRequest.setIssuer(HTTPUtils.getBaseURL(req)); attributeRequest.setQaa(oaParam.getQaaLevel()); attributeRequest.setSpInstitution(spInstitution); - attributeRequest.setCountry(spCountry); + attributeRequest.setCountry(spCountryCode); + attributeRequest.setSpCountry(spCountryCode); attributeRequest.setSpApplication(spApplication); attributeRequest.setSpSector(spSector); attributeRequest.setPersonalAttributeList(requestedAttributes); - attributeRequest.setCitizenCountryCode(citizenCountryCode); + attributeRequest.setCitizenCountryCode("AT"); Logger.debug("STORK AttrRequest succesfully assembled."); |