diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
2 files changed, 134 insertions, 80 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 3b78ef37c..7801f9a54 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -91,95 +91,149 @@ public class AttributeCollector implements IAction { * @throws MOAIDException */ public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { - // check if there are attributes we need to fetch - IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); - IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); - List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>(); - for(PersonalAttribute current : requestAttributeList) - if(!responseAttributeList.containsKey(current)) - missingAttributes.add(current); - - try { - // for each attribute still missing - for(PersonalAttribute currentAttribute : missingAttributes) { - // - check if we can find a suitable AttributeProvider Plugin - for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { - try { - // - hand over control to the suitable plugin - IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); - - // - add the aquired attribute to the container - for(PersonalAttribute current : aquiredAttributes) - container.getResponse().getPersonalAttributeList().add(current); - } catch(UnsupportedAttributeException e) { - // ok, try the next attributeprovider - } catch(MOAIDException e) { - // the current plugin had an error. Try the next one. - // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop - } - - } - } - } catch (ExternalAttributeRequestRequiredException e) { - // the attribute request is ongoing and requires an external service. - try { - // memorize the container again - // - generate new key - String newArtifactId = new SecureRandomIdentifierGenerator() - .generateIdentifier(); /* - Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel()); - StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest()); - - HttpSession httpSession = httpReq.getSession(); - httpSession.setAttribute("STORKSessionID", "12345"); - httpResp.setStatus(startAuthResponse.getHttpStatusCode()); - try { - ServletOutputStream os = httpResp.getOutputStream(); - String html = new String(startAuthResponse.getContent()); - - - if (html.contains("<![CDATA[")) { - Logger.info("-------- content contains <![CDATA[-----------------"); - Logger.info("-------- content contains html -----------------"); - Logger.info("HTML : " + html); - int beginIndex = html.indexOf("<![CDATA["); - int endIndex = html.indexOf("]]>"); - html = html.substring(beginIndex + 9, endIndex); - startAuthResponse.setContent(html.getBytes()); + // check if there are attributes we need to fetch + this.httpResp = response; + this.container = container; + + IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); + IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); + List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>(); + for (PersonalAttribute current : requestAttributeList) + if (!responseAttributeList.containsKey(current.getName())) + missingAttributes.add(current); + + // Try to get all missing attributes + try { + // for each attribute still missing + for (PersonalAttribute currentAttribute : missingAttributes) { + // - check if we can find a suitable AttributeProvider Plugin + for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { + try { + // - hand over control to the suitable plugin + IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); + + // - add the aquired attribute to the container + for (PersonalAttribute current : aquiredAttributes) + container.getResponse().getPersonalAttributeList().add(current); + } catch (UnsupportedAttributeException e) { + // ok, try the next attributeprovider + } catch (MOAIDException e) { + // the current plugin had an error. Try the next one. + // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop + } + } - Logger.info("HTML : " + html); + } + + // build response + generateSTORKResponse(); + + // set new http response + generateRedirectResponse(); + response = httpResp; + + return "12345"; // AssertionId + + } catch (ExternalAttributeRequestRequiredException e) { + // the attribute request is ongoing and requires an external service. + try { + // memorize the container again + // - generate new key + String newArtifactId = new SecureRandomIdentifierGenerator() + .generateIdentifier(); + // - put container in temporary store. + AssertionStorage.getInstance().put(newArtifactId, container); + + // add container-key to redirect embedded within the return URL + e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); + - os.write(startAuthResponse.getContent()); - Logger.info("Response sent to client"); - } catch (IOException e) { - Logger.error("ERROR MOA"); - throw new MOAIDException("error response sending", new Object[]{}); + } catch (Exception e1) { + // TODO should we return the response as is to the PEPS? + Logger.error("Error putting incomplete Stork response into temporary storage", e); + throw new MOAIDException("stork.11", null); } - //httpSession.setAttribute("CCC", ccc); - */ + return "12345"; // TODO what to do here? } - //httpResp.setStatus(200); - //VPEPSInboundPostHandler + } - // - put container in temporary store. - AssertionStorage.getInstance().put(newArtifactId, container); - // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); - } catch (Exception e1) { - // TODO should we return the response as is to the PEPS? - Logger.error("Error putting incomplete Stork response into temporary storage", e); - throw new MOAIDException("stork.11", null); - } + private void generateSTORKResponse() throws MOAIDException { + STORKAuthnResponse authnResponse = container.getResponse(); + STORKAuthnRequest authnRequest = container.getRequest(); - return "12345"; // TODO what to do here? - } - // build response - // done - return "12345"; // AssertionId + try { + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + Logger.debug("Starting generation of SAML response"); + authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false); + + //generateSAML Token + Logger.info("SAML response succesfully generated!"); + } catch (STORKSAMLEngineException e) { + Logger.error("Failed to generate STORK SAML Response", e); + throw new MOAIDException("stork.05", null); + } + + Logger.info("STORK SAML Response message succesfully generated "); + String statusCodeValue = authnResponse.getStatusCode(); + + try { + Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); + Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works + Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + + } catch (IOException e) { + e.printStackTrace(); + } + + container.setResponse(authnResponse); + + } + + + private void generateRedirectResponse() { + STORKAuthnResponse authnResponse = container.getResponse(); + STORKAuthnRequest authnRequest = container.getRequest(); + + + // preparing redirection for the client + + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); + VelocityContext context = new VelocityContext(); + + context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + + Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL()); + context.put("action", authnRequest.getAssertionConsumerServiceURL()); + Logger.debug("Starting template merge"); + StringWriter writer = new StringWriter(); + + Logger.debug("Doing template merge"); + template.merge(context, writer); + Logger.debug("Template merge done"); + + Logger.debug("Sending html content: " + writer.getBuffer().toString()); + Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); + + + httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); + + } catch (Exception e) { + Logger.error("Velocity error: " + e.getMessage()); + } + + //HttpSession httpSession = this.httpResp.getSession(); + //httpSession.setAttribute("STORKSessionID", "12345"); + //Logger.info("Status code again: " + authnResponse.getStatusCode()); + + //return "12345"; // AssertionId } /* (non-Javadoc) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 318a8fc9c..01f0079ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -137,7 +137,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { } //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); STORKAuthnRequest authnRequest = null; Logger.error("decsamltoken" +decSamlToken.toString()); |