Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java191
1 files changed, 104 insertions, 87 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index efa77577e..dc30e4e12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -25,6 +25,7 @@ import org.w3c.dom.NamedNodeMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
import java.io.StringWriter;
import java.security.NoSuchAlgorithmException;
@@ -48,6 +49,11 @@ public class AuthenticationRequest implements IAction {
this.moaSession = moasession;
+ Logger.info("CPEPS " + AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS("SI").getPepsURL().toString());
+
+
+ //AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().
+
if ((req instanceof MOASTORKRequest) && !((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) {
this.moaStorkRequest = (MOASTORKRequest) req;
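Review bot: The Logger.info added before the instanceof check dereferences `AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS("SI").getPepsURL()` with a hard-coded country code, so every request through this path fails with a NullPointerException if the STORK configuration has no entry for "SI" (assuming getCPEPS returns null for an unknown code, which the hunk does not show). It reads like a debugging aid, and the commented-out `//AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().` line below it is dead text; drop both, or reduce the log to a guarded `Logger.debug` that checks the getCPEPS result for null before calling getPepsURL(). The enclosing method starts before this hunk.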
@@ -155,36 +161,37 @@ public class AuthenticationRequest implements IAction {
// preparing redirection for the client
+
+ //STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest();
+
try {
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
- Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
- VelocityContext context = new VelocityContext();
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+ Logger.debug("Starting generation of SAML request");
+ storkAuthnRequest = engine.generateSTORKAuthnRequest(storkAuthnRequest);
- //STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest();
+ //generateSAML Token
+ Logger.info("SAML response succesfully generated!");
+ } catch (STORKSAMLEngineException e) {
+ Logger.error("Failed to generate STORK SAML Response", e);
+ throw new MOAIDException("stork.05", null);
+ }
- try {
- //Get SAMLEngine instance
- STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
- Logger.debug("Starting generation of SAML request");
- storkAuthnRequest = engine.generateSTORKAuthnRequest(storkAuthnRequest);
-
- //generateSAML Token
- Logger.info("SAML response succesfully generated!");
- } catch (STORKSAMLEngineException e) {
- Logger.error("Failed to generate STORK SAML Response", e);
- throw new MOAIDException("stork.05", null);
- }
+ // store original request from sp in order to be able to extract it in later iteration/response
+ try {
+ AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), originalRequest);
+ Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request");
+ } catch (MOADatabaseException e) {
+ e.printStackTrace();
+ }
- // store original request from sp in order to be able to extract it in later iteration/response
- try {
- AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), originalRequest);
- Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request");
- } catch (MOADatabaseException e) {
- e.printStackTrace();
- }
+ byte[] blob;
+ try {
- byte[] blob;
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+ VelocityContext context = new VelocityContext();
blob = storkAuthnRequest.getTokenSaml();
context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(blob));
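Review bot: The moved `catch (MOADatabaseException e) { e.printStackTrace(); }` after the AssertionStorage.put still swallows a failed store of the original SP request, so the flow goes on to redirect the user to the PEPS even though the later response can no longer be matched back to its request; it also writes to stderr instead of the project's Logger. The response path in this same commit now logs and throws on the equivalent lookup failure, so the store should do the same: `Logger.error("Unable to store original SP request", e); throw new MOAIDException("stork.15", null);`. The enclosing method starts before this hunk and continues after it.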
@@ -209,91 +216,101 @@ public class AuthenticationRequest implements IAction {
}
return "xxxx";// TODO
- } // check if we got the response from peps, if so then process it and forward to sp
- else if ((req instanceof MOASTORKResponse)) {
-
- MOASTORKResponse moastorkResponse = (MOASTORKResponse) req;
-
-
- STORKAuthnResponse authnResponse = null;
- // check if valid authn request is contained
+ } else if ((req instanceof MOASTORKResponse)) {
+ // Check if we got the response from PEPS
+ // If so then process it and forward to SP
- //Get SAMLEngine instance
- STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-
- try {
- authnResponse = engine.validateSTORKAuthnResponse(moastorkResponse.getSTORKAuthnResponseToken(), httpReq.getRemoteAddr());
- } catch (STORKSAMLEngineException ex) {
- Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage());
- }
+ return handleMOAStorkResponse("VIDP", (MOASTORKResponse) req, httpReq.getRemoteAddr(), httpResp);
+ } else {
+ Logger.error("Could not recognize request.");
+ throw new MOAIDException("stork.15", null);
+ }
+ }
- Logger.info("Requesting artifactId " + authnResponse.getInResponseTo() + " from store.");
+ /*
+ Handles STORKAuthnResponse received from PEPS (return to SP)
+ */
+ private String handleMOAStorkResponse(String instanceName, MOASTORKResponse moastorkResponse, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
- DataContainer dataContainer = null;
+ STORKAuthnResponse authnResponse = null;
- try {
- dataContainer = AssertionStorage.getInstance().get(authnResponse.getInResponseTo(), DataContainer.class);
- } catch (MOADatabaseException e) {
- e.printStackTrace();
- }
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance(instanceName);
- authnResponse.setInResponseTo(dataContainer.getRequest().getStorkAuthnRequest().getSamlId());
- authnResponse.setAudienceRestriction(dataContainer.getRequest().getAssertionConsumerServiceURL());
+ try {
+ authnResponse = engine.validateSTORKAuthnResponse(moastorkResponse.getSTORKAuthnResponseToken(), remoteAddr);
+ } catch (STORKSAMLEngineException ex) {
+ Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage());
+ throw new MOAIDException("stork.15", null); // TODO
+ }
+ Logger.debug("Requesting artifactId " + authnResponse.getInResponseTo() + " from store.");
- try {
- //Get SAMLEngine instance
- STORKSAMLEngine engine2 = STORKSAMLEngine.getInstance("VIDP");
- Logger.debug("Starting generation of SAML response");
+ DataContainer dataContainer = null;
+ try {
+ dataContainer = AssertionStorage.getInstance().get(authnResponse.getInResponseTo(), DataContainer.class);
+ } catch (MOADatabaseException e) {
+ Logger.error("Unable to retrieve datacontainer with reference authentication request. Database exception.");
+ throw new MOAIDException("stork.15", null); // TODO
+ }
- authnResponse = engine2.generateSTORKAuthnResponse(dataContainer.getRequest().getStorkAuthnRequest(), authnResponse, httpReq.getRemoteAddr(), false);
+ // setting new reference request and return url
+ authnResponse.setInResponseTo(dataContainer.getRequest().getStorkAuthnRequest().getSamlId());
+ authnResponse.setAudienceRestriction(dataContainer.getRequest().getAssertionConsumerServiceURL());
- //generateSAML Token
- Logger.info("SAML response succesfully generated!");
- } catch (STORKSAMLEngineException e) {
- Logger.error("Failed to generate STORK SAML Response", e);
- throw new MOAIDException("stork.05", null);
- }
+ Logger.debug("Starting generation of SAML response");
+ try {
+ authnResponse = engine.generateSTORKAuthnResponse(dataContainer.getRequest().getStorkAuthnRequest(), authnResponse, remoteAddr, false);
+ } catch (STORKSAMLEngineException e) {
+ Logger.error("Failed to generate STORK SAML Response", e);
+ throw new MOAIDException("stork.05", null); // TODO check
+ }
- // preparing redirection for the client
- try {
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
- Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
- VelocityContext context = new VelocityContext();
+ Logger.info("SAML response succesfully generated.");
- byte[] blob;
- blob = authnResponse.getTokenSaml();
+ // preparing redirection for the client
+ performRedirection("SAMLResponse", dataContainer.getRequest().getAssertionConsumerServiceURL(), authnResponse.getTokenSaml(), httpResp);
+ return "yyyyy"; // TODO
+ }
- context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob));
- Logger.debug("SAMLResponse original: " + new String(blob));
+ /*
+ Perform redirection of the client based on post binding
+ */
+ private void performRedirection(String actionType, String assertionConsumerURL, byte[] tokenSaml, HttpServletResponse httpResp) throws MOAIDException {
+ Logger.info("Performing redirection, using action type: " + actionType);
- Logger.debug("Putting assertion consumer url as action: " + dataContainer.getRequest().getAssertionConsumerServiceURL());
- context.put("action", dataContainer.getRequest().getAssertionConsumerServiceURL());
+ try {
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+ VelocityContext context = new VelocityContext();
- Logger.debug("Starting template merge");
- StringWriter writer = new StringWriter();
+ context.put(actionType, PEPSUtil.encodeSAMLToken(tokenSaml));
+ Logger.debug("Encoded " + actionType + " original: " + new String(tokenSaml));
- Logger.debug("Doing template merge");
- template.merge(context, writer);
- Logger.debug("Template merge done");
+ Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL);
+ context.put("action", assertionConsumerURL);
- Logger.debug("Sending html content: " + writer.getBuffer().toString());
- Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
+ Logger.debug("Starting template merge");
+ StringWriter writer = new StringWriter();
- httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+ Logger.debug("Doing template merge");
+ template.merge(context, writer);
+ Logger.debug("Template merge done");
- } catch (Exception e) {
- Logger.error("Velocity error: " + e.getMessage());
- }
+ Logger.debug("Sending html content: " + writer.getBuffer().toString());
+ Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
+ httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
- return "yyyyy"; // TODO
- } else {
- Logger.error("Could not recognize request.");
- throw new MOAIDException("stork.15", null);
+ } catch (IOException e) {
+ Logger.error("Velocity IO error: " + e.getMessage());
+ throw new MOAIDException("stork.15", null); // TODO
+ } catch (Exception e) {
+ Logger.error("Velocity general error: " + e.getMessage());
+ throw new MOAIDException("stork.15", null); // TODO
}
- }
+ }
public void generatePEPSRedirect(HttpServletResponse httpResp, DataContainer container) throws MOAIDException {
MOASTORKRequest request = container.getRequest();
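Review bot: performRedirection logs the full decoded SAML token at `Logger.debug("Encoded " + actionType + " original: " + new String(tokenSaml))` and then the rendered HTML twice (`Sending html content`, `Sending html content2`); for a SAMLResponse that token carries the citizen's identity attributes, so the log now holds personal data and the complete assertion, which should be reduced to the SAML id or the token length. Both `new String(tokenSaml)` and `writer.getBuffer().toString().getBytes()` use the platform default charset; pass `StandardCharsets.UTF_8` to both and call `httpResp.setContentType("text/html;charset=UTF-8")` before the write so the browser decodes the form the same way the server encoded it. In handleMOAStorkResponse the AssertionStorage.get result is dereferenced at `dataContainer.getRequest()` without a null check; if get returns null for an unknown InResponseTo (its contract is not shown in the hunk), an unsolicited or replayed response ends in a NullPointerException instead of the stork.15 error the surrounding catches produce. The assertion consumer URL written into the form action comes from the stored request; whether it was validated against the SP's registered configuration is outside this hunk.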