Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java170
1 files changed, 84 insertions, 86 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index dc30e4e12..599d0c302 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -19,7 +19,9 @@ import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.saml2.core.AudienceRestriction;
+import org.opensaml.saml2.core.impl.AudienceRestrictionBuilder;
+import org.opensaml.saml2.core.impl.AudienceRestrictionImpl;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
@@ -27,7 +29,8 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.StringWriter;
-import java.security.NoSuchAlgorithmException;
+import java.net.MalformedURLException;
+import java.net.URL;
/**
@@ -49,12 +52,7 @@ public class AuthenticationRequest implements IAction {
this.moaSession = moasession;
- Logger.info("CPEPS " + AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS("SI").getPepsURL().toString());
-
-
- //AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().
-
- if ((req instanceof MOASTORKRequest) && !((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) {
+ if ((req instanceof MOASTORKRequest) && ((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("AT")) {
this.moaStorkRequest = (MOASTORKRequest) req;
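Review bot: The rewritten `if` condition dereferences `getStorkAuthnRequest()` and then `getCitizenCountryCode()` without a null guard, whereas the `needAuthentication` change in this same commit explicitly checks `getStorkAuthnRequest() != null`, so a MOASTORKRequest that carries no AuthnRequest would fail here with a NullPointerException instead of reaching the "Could not recognize request" branch. The country comparison at least can be made null-safe by flipping it: `"AT".equals(((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode())`, and the `getStorkAuthnRequest()` result deserves the same guard used in `needAuthentication`. The enclosing method begins before this hunk.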
@@ -78,20 +76,18 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Starting AuthenticationRequest");
moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse());
-
STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
Logger.debug("Starting generation of SAML response");
try {
moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(), httpReq.getRemoteAddr(), false));
} catch (STORKSAMLEngineException ex) {
- // TODO
+ Logger.error("Failed to generate STORK SAML Response", ex);
+ throw new MOAIDException("stork.05", null); // TODO
}
// Get personal attributtes from MOA/IdentityLink
moaStorkResponse.setPersonalAttributeList(populateAttributes());
-
-
}
//moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
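Review bot: The new catch block logs the STORKSAMLEngineException but the `MOAIDException("stork.05", null)` it throws carries neither the cause nor any distinguishing parameter, and the same `stork.05` code with a `// TODO` is reused for every failure path added by this commit (clone failure, unconfigured citizen country, malformed public URL prefix, the generic configuration catch, and the storage path further down), so callers and operators cannot tell these failures apart from the exception alone. If MOAIDException offers a cause-accepting constructor it should be used here; otherwise, assuming the second argument is a message-parameter array as in the `AuthenticationException("stork.12", new Object[]{...})` call, at least pass context: `throw new MOAIDException("stork.05", new Object[]{ex.getMessage()});`. The enclosing method starts before this hunk.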
@@ -110,60 +106,66 @@ public class AuthenticationRequest implements IAction {
container.setRemoteAddress(httpReq.getRemoteAddr());
-
- STORKAuthnResponse arep = moaStorkResponse.getStorkAuthnResponse();
-
-
- arep.setCountry("XX");
- arep.setInResponseTo("xxxx");
- arep.setMessage("xxxx");
- arep.setSamlId("xxxx");
- arep.setStatusCode("xxxx");
-
- // arep.setNotBefore(new DateTime().withTimeAtStartOfDay());
- // arep.setNotOnOrAfter(new DateTime().withTimeAtStartOfDay());
-
-
Logger.debug("Data container prepared");
return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);
- } // check if we are getting request for citizen of some other country
- else if ((req instanceof MOASTORKRequest) && ((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) {
-
- // - generate new key
- String artifactId = null;
- try {
- artifactId = new SecureRandomIdentifierGenerator().generateIdentifier();
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- }
-
+ }
+ // check if we are getting request for citizen of some other country
+ else if (req instanceof MOASTORKRequest) {
STORKAuthnRequest spAuthnRequest = ((MOASTORKRequest) req).getStorkAuthnRequest();
- STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest();
+ STORKAuthnRequest storkAuthnRequest = null;
+
+ String citizenCountryCode = spAuthnRequest.getCitizenCountryCode();
+ Logger.info("Got authentication request for citizen of " + citizenCountryCode);
try {
storkAuthnRequest = (STORKAuthnRequest) spAuthnRequest.clone();
} catch (CloneNotSupportedException e) {
- e.printStackTrace();
+ Logger.error("Could not clone AuthnRequest ", e);
+ throw new MOAIDException("stork.05", null); // TODO
}
- storkAuthnRequest.setIssuer("VIDP");
- storkAuthnRequest.setAssertionConsumerServiceURL("https://vm-stork2-vidp:8443/moa-id-auth/stork2/SendPEPSAuthnRequest");
- storkAuthnRequest.setSamlId(artifactId);
- String publicURLPrefix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
- if (publicURLPrefix == null)
- throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+ // check if citizen country is configured in the system
+ if (!(AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode))) {
+ Logger.error("Citizen country PEPS not configured in MOA instance: " + citizenCountryCode);
+ throw new MOAIDException("stork.05", null); // TODO
+ }
+ // extracting basic settings and adjusting assertion consumer
+ String issuer = null;
+ String assertionConsumerURL = null;
+ String publicURLPrefix = null;
+ String destinationURL = null;
- DataContainer originalRequest = new DataContainer();
- originalRequest.setRequest((MOASTORKRequest) req);
+ try {
+ issuer = new URL(AuthConfigurationProvider.getInstance().getPublicURLPrefix()).toString();
+ destinationURL = AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString();
+ publicURLPrefix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+ assertionConsumerURL = publicURLPrefix + "/stork2/SendPEPSAuthnRequest";
+ } catch (MalformedURLException ex) {
+ Logger.error("Wrong PublicURLPrefix setting of MOA instance: " + AuthConfigurationProvider.getInstance().getPublicURLPrefix(), ex);
+ throw new MOAIDException("stork.05", null); // TODO
+ } catch (Exception ex) {
+ Logger.error("Problem with PEPS configuration of MOA instance.", ex);
+ throw new MOAIDException("stork.05", null); // TODO
+ }
- // preparing redirection for the client
+ // drop if we do not have publicprefix url configured on the instance
+ if (publicURLPrefix == null)
+ throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
- //STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest();
+ // adjusting request
+ storkAuthnRequest.setEIDCrossBorderShare(spAuthnRequest.isEIDCrossBorderShare());
+ storkAuthnRequest.setEIDSectorShare(spAuthnRequest.isEIDSectorShare());
+ storkAuthnRequest.setEIDCrossSectorShare(spAuthnRequest.isEIDCrossSectorShare());
+ storkAuthnRequest.setCitizenCountryCode(spAuthnRequest.getCitizenCountryCode());
+ storkAuthnRequest.setIssuer(issuer);
+ storkAuthnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
+ storkAuthnRequest.setDestination(destinationURL);
+ // regenerate request
try {
//Get SAMLEngine instance
STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
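Review bot: The `if (publicURLPrefix == null) throw new AuthenticationException("stork.12", ...)` check added after the try block is unreachable: `new URL(AuthConfigurationProvider.getInstance().getPublicURLPrefix())` runs first, and `java.net.URL` reports a null spec as a MalformedURLException, so a missing prefix is caught by the `catch (MalformedURLException ex)` branch and surfaces as a generic `stork.05` with the OA URL parameter lost. Reading the prefix once, null-checking it before building the URL, and reusing the local in the remaining statements restores the intended error and also removes the three repeated `getPublicURLPrefix()` lookups. The trailing `catch (Exception ex)` additionally swallows runtime errors such as a NullPointerException from `getCPEPS(...)` into the same `stork.05`; narrowing it to the checked types that `getStorkConfig()`/`getCPEPS()` actually declare would keep programming errors visible. The `try` opened at the end of this hunk and the enclosing method continue outside it.
```java
// read the prefix first so a missing value yields the intended stork.12
// instead of being masked by the MalformedURLException thrown for a null spec
publicURLPrefix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
if (publicURLPrefix == null)
    throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
try {
    issuer = new URL(publicURLPrefix).toString();
    destinationURL = AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString();
    assertionConsumerURL = publicURLPrefix + "/stork2/SendPEPSAuthnRequest";
} catch (MalformedURLException ex) {
    Logger.error("Wrong PublicURLPrefix setting of MOA instance: " + publicURLPrefix, ex);
    throw new MOAIDException("stork.05", null); // TODO
}
// … unchanged: generic configuration catch, request adjustment …
```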
@@ -177,49 +179,26 @@ public class AuthenticationRequest implements IAction {
throw new MOAIDException("stork.05", null);
}
+ // store original request from SP in order to be able to extract it in later iteration/response
+ DataContainer spRequestContainer = new DataContainer();
+ spRequestContainer.setRequest((MOASTORKRequest) req);
- // store original request from sp in order to be able to extract it in later iteration/response
try {
- AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), originalRequest);
- Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request");
+ AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), spRequestContainer);
+ Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request with id " + spAuthnRequest.getSamlId());
} catch (MOADatabaseException e) {
e.printStackTrace();
}
- byte[] blob;
- try {
-
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
- Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
- VelocityContext context = new VelocityContext();
- blob = storkAuthnRequest.getTokenSaml();
-
- context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(blob));
- Logger.debug("SAMLRequest original: " + new String(blob));
-
- Logger.debug("Putting url as action: " + "https://peps-test.mju.gov.si/PEPS/ColleagueRequest");
- context.put("action", "https://peps-test.mju.gov.si/PEPS/ColleagueRequest");
- Logger.debug("Starting template merge");
- StringWriter writer = new StringWriter();
-
- Logger.debug("Doing template merge");
- template.merge(context, writer);
- Logger.debug("Template merge done");
-
- Logger.debug("Sending html content: " + writer.getBuffer().toString());
- Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
-
- httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
-
- } catch (Exception e) {
- Logger.error("Velocity error: " + e.getMessage());
- }
+ // preparing redirection for the client
+ performRedirection("SAMLRequest", destinationURL, storkAuthnRequest.getTokenSaml(), httpResp);
return "xxxx";// TODO
- } else if ((req instanceof MOASTORKResponse)) {
- // Check if we got the response from PEPS
- // If so then process it and forward to SP
+ }
+ // Check if we got the response from PEPS
+ // If so then process it and forward to SP
+ else if ((req instanceof MOASTORKResponse)) {
return handleMOAStorkResponse("VIDP", (MOASTORKResponse) req, httpReq.getRemoteAddr(), httpResp);
} else {
Logger.error("Could not recognize request.");
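Review bot: The new `AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), spRequestContainer)` line sits inside a try whose unchanged context catch only calls `e.printStackTrace()`, so when the store fails the code still falls through to `performRedirection(...)` and sends the citizen to the PEPS with a request whose originating SP request can no longer be looked up when the response comes back. The failure should abort the flow in the same way the other new error paths do: `Logger.error("Could not store SP request for artifactId " + storkAuthnRequest.getSamlId(), e);` followed by `throw new MOAIDException("stork.05", null);` in place of the printStackTrace. The hardcoded `return "xxxx";// TODO` that follows is pre-existing but now the only return of this branch, so it deserves the same attention. The enclosing method continues outside this hunk.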
@@ -227,6 +206,11 @@ public class AuthenticationRequest implements IAction {
}
}
+
+ private String handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) {
+
+ }
+
/*
Handles STORKAuthnResponse received from PEPS (return to SP)
*/
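Review bot: The added `private String handleMOAStorkRequest(...)` has an empty body but a non-void return type, which javac rejects with "missing return statement", so this hunk does not compile as committed. If the method is a placeholder for extracting the request-handling branch above, give it an explicit stub such as `throw new UnsupportedOperationException("handleMOAStorkRequest not implemented yet");` or drop it until the extraction is done; either way it is currently unused.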
@@ -257,6 +241,10 @@ public class AuthenticationRequest implements IAction {
// setting new reference request and return url
authnResponse.setInResponseTo(dataContainer.getRequest().getStorkAuthnRequest().getSamlId());
authnResponse.setAudienceRestriction(dataContainer.getRequest().getAssertionConsumerServiceURL());
+ //AudienceRestrictionBuilder audienceRestrictionBuilder = new AudienceRestrictionBuilder();
+ //AudienceRestriction audienceRestriction = audienceRestrictionBuilder.buildObject(dataContainer.getRequest().getAssertionConsumerServiceURL(), "localname", "nameprefix");
+
+ //authnResponse.getAssertions().get(0).getConditions().getAudienceRestrictions().add(audienceRestriction);
Logger.debug("Starting generation of SAML response");
try {
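Review bot: The four added lines are commented-out code (`AudienceRestrictionBuilder`, `buildObject(..., "localname", "nameprefix")`, and the assertions/conditions mutation), and the three `org.opensaml.saml2.core...AudienceRestriction*` imports added in the first hunk exist only to support them, so the commit ships unused imports plus dead text next to the live `authnResponse.setAudienceRestriction(...)` call. If the OpenSAML-level audience restriction is a planned follow-up, a one-line `// TODO: replace setAudienceRestriction with an OpenSAML AudienceRestriction on the assertion conditions` states the intent better than the commented code; otherwise remove both the block and the imports. The enclosing method starts and ends outside this hunk.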
@@ -372,11 +360,21 @@ public class AuthenticationRequest implements IAction {
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ // authentication is not needed if we have authentication request from SP for citizen of configured PEPS country
if (req instanceof MOASTORKRequest) {
- if (((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) {
- return false;
-
+ MOASTORKRequest moastorkRequest = (MOASTORKRequest) req;
+ if (moastorkRequest.getStorkAuthnRequest() != null) {
+ String citizenCountryCode = moastorkRequest.getStorkAuthnRequest().getCitizenCountryCode();
+ // check if citizen country is configured in the system
+ try {
+ if (AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode)) {
+ return false;
+ }
+ } catch (MOAIDException e) {
+ Logger.error("Could not initialize AuthConfigurationProvider");
+ }
}
+ // authentication is not required if received authentication response
} else if (req instanceof MOASTORKResponse) {
return false;
}
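Review bot: The new `catch (MOAIDException e)` in `needAuthentication` logs "Could not initialize AuthConfigurationProvider" without the exception, unlike every other new catch in this commit which passes `e` as the second argument, so the root cause of a configuration failure is lost at the one place it is most useful; use `Logger.error("Could not initialize AuthConfigurationProvider", e);`. Falling through to require authentication on that failure is a sensible fail-closed default and is worth a short comment saying so. Note also that this method now skips authentication for any country present in the CPEPS map, while `processRequest` routes `"AT"` to the local-session path that expects an authenticated `moaSession`; if the map could ever contain `AT`, the two checks disagree — confirm against the configuration. The method's remaining return lies outside this hunk.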