diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 95 | ||||
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java | 10 | ||||
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java) | 46 | ||||
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java | 25 |
4 files changed, 100 insertions, 76 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index e10c4d9d9..91326a51d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -3,91 +3,77 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; -import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; -import edu.emory.mathcs.backport.java.util.Collections; -import eu.stork.peps.auth.commons.*; -import eu.stork.peps.auth.engine.STORKSAMLEngine; -import eu.stork.peps.exceptions.STORKSAMLEngineException; -import org.apache.commons.io.IOUtils; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAuthnResponse; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; -import org.opensaml.xml.util.Base64; -import org.opensaml.xml.util.XMLHelper; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import java.io.*; -import java.util.HashMap; -import eu.stork.peps.auth.engine.SAMLEngine; import org.w3c.dom.Element; import org.w3c.dom.NamedNodeMap; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + /** + * Second request step - after authentication of the user is done and moasession obtained, + * process request and forward the user further to PEPS and/or other entities + * * @author bsuzic - * Date: 12/3/13, Time: 2:08 PM */ public class AuthenticationRequest implements IAction { - /* - Second request step - after authentication of the user is done and moasession obtained, - process request and forward the user further to PEPS and/or other entities - */ private VelocityEngine velocityEngine; private AuthenticationSession moaSession; - private MOASTORKAuthnRequest moaStorkAuthnRequest; + private MOASTORKRequest moaStorkRequest; public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { this.moaSession = moasession; - this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req; - - try { - MISMandate mandate = moasession.getMISMandate(); - String owbpk = mandate.getOWbPK(); - byte[] mand = mandate.getMandate(); - String profprep = mandate.getProfRep(); - //String textdesc = mandate.getTextualDescriptionOfOID(); - Element mndt = moasession.getMandate(); + this.moaStorkRequest = (MOASTORKRequest) req; + + if (moasession.getUseMandate()) { + try { + MISMandate mandate = moasession.getMISMandate(); + String owbpk = mandate.getOWbPK(); + byte[] mand = mandate.getMandate(); + String profprep = mandate.getProfRep(); + //String textdesc = mandate.getTextualDescriptionOfOID(); + Element mndt = moasession.getMandate(); + + iterate(mndt.getAttributes()); + Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); + } catch (Exception x) { + Logger.debug("There is no mandate used in transaction"); + } + } - iterate(mndt.getAttributes()); - Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); - } catch (Exception x) {} Logger.debug("Starting AuthenticationRequest"); - //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); - Logger.debug("Http Response: " + httpResp.toString() + ", "); - Logger.debug("Remote user: " + httpReq.getRemoteAddr()); - Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget()); httpResp.reset(); STORKAuthnResponse authnResponse = new STORKAuthnResponse(); - authnResponse.setCountry(((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getSpCountry()); - + authnResponse.setCountry(((MOASTORKRequest) req).getStorkAuthnRequest().getSpCountry()); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); // Prepare basic AT attributes try { - IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); + IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); @@ -114,13 +100,13 @@ public class AuthenticationRequest implements IAction { DataContainer container = new DataContainer(); // - fill in the request we extracted above - container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest()); - + container.setRequest(((MOASTORKRequest) req).getStorkAuthnRequest()); + // - fill in the partial response created above container.setResponse(authnResponse); - + // - memorize the target url were we have to return the result - container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + container.setTarget(((MOASTORKRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); container.setRemoteAddress(httpReq.getRemoteAddr()); @@ -141,24 +127,25 @@ public class AuthenticationRequest implements IAction { Logger.debug("--Attribute: " + attributesList.item(j).getNodeName() + " = " + attributesList.item(j).getNodeValue()); - } } + } + } public PersonalAttributeList populateAttributes() { - IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList(); - Logger.info("Found " + attrLst.size() + " personal attributes in the request." ); + IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList(); + Logger.info("Found " + attrLst.size() + " personal attributes in the request."); // Define attribute list to be populated PersonalAttributeList attributeList = new PersonalAttributeList(); - MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkAuthnRequest); + MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest); try { for (PersonalAttribute personalAttribute : attrLst) { Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired()); moaAttributeProvider.populateAttribute(attributeList, personalAttribute); } - } catch (Exception e) { + } catch (Exception e) { Logger.error("Exception, attributes: " + e.getMessage()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index 190a0d27c..d89fb8cb2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -22,7 +22,7 @@ public class MOAAttributeProvider { private final IdentityLink identityLink; private static final Map<String, String> storkAttributeSimpleMapping; private static final Map<String, String> storkAttributeFunctionMapping; - private final MOASTORKAuthnRequest moastorkAuthnRequest; + private final MOASTORKRequest moastorkRequest; static { Map<String, String> tempSimpleMap = new HashMap<String, String>(); @@ -35,9 +35,9 @@ public class MOAAttributeProvider { storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap); } - public MOAAttributeProvider(IdentityLink identityLink, MOASTORKAuthnRequest moastorkAuthnRequest) { + public MOAAttributeProvider(IdentityLink identityLink, MOASTORKRequest moastorkRequest) { this.identityLink = identityLink; - this.moastorkAuthnRequest = moastorkAuthnRequest; + this.moastorkRequest = moastorkRequest; Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue()); } @@ -70,9 +70,9 @@ public class MOAAttributeProvider { } private String geteIdentifier() { - Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry()); + Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry()); try { - return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry()); + return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkRequest.getStorkAuthnRequest().getSpCountry()); } catch (BuildException be) { Logger.error("Stork eid could not be constructed; " + be.getMessage()); return null; // TODO error diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index cee64e16e..8c7fd8706 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -1,52 +1,76 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.moduls.IRequest; +import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.commons.STORKAuthnRequest; -import org.opensaml.common.xml.SAMLConstants; /** + * Implements MOA request and stores StorkAuthnRequest related data + * * @author bsuzic - * Date: 12/4/13, Time: 6:31 PM */ -public class MOASTORKAuthnRequest implements IRequest { +public class MOASTORKRequest implements IRequest { private String requestID; private String target = null; String module = null; String action = null; private STORKAuthnRequest storkAuthnRequest; + private STORKAttrQueryRequest storkAttrQueryRequest; + private boolean isAttrRequest = false; + private boolean isAuthnRequest = false; public void setSTORKAuthnRequest(STORKAuthnRequest request) { this.storkAuthnRequest = request; + if (request != null) { + isAuthnRequest = true; + } } + public void setSTORKAttrRequest(STORKAttrQueryRequest request) { + this.storkAttrQueryRequest = request; + if (request != null) { + isAttrRequest = true; + } + + } + + public boolean isAttrRequest() { + return this.isAttrRequest; + } + + public boolean isAuthnRequest() { + return this.isAuthnRequest; + } + + public STORKAuthnRequest getStorkAuthnRequest() { return this.storkAuthnRequest; } public String getOAURL() { - return "https://sp:8889/SP"; // + return storkAuthnRequest.getAssertionConsumerServiceURL(); } public boolean isPassiv() { - return false; // + return false; } public boolean forceAuth() { - return false; // + return false; } public boolean isSSOSupported() { - return false; // + return false; } public String requestedModule() { - return this.module; // + return this.module; } public String requestedAction() { - return action; // + return action; } public void setModule(String module) { @@ -58,7 +82,7 @@ public class MOASTORKAuthnRequest implements IRequest { } public String getTarget() { - return this.target; // + return this.target; } public void setRequestID(String id) { @@ -66,6 +90,6 @@ public class MOASTORKAuthnRequest implements IRequest { } public String getRequestID() { - return this.requestID; // + return this.requestID; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 042d61080..28a516d2a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -5,13 +5,12 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.ws.transport.http.HTTPInTransport; import org.opensaml.ws.transport.http.HTTPOutTransport; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; @@ -20,7 +19,6 @@ import eu.stork.peps.auth.commons.STORKAuthnRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import java.util.Collections; import java.util.HashMap; /** @@ -81,6 +79,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); samlMessageContext.setInboundMessageTransport(profileReq); +/* HTTPPostDecoder postDecoder = new HTTPPostDecoder(); postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator @@ -90,8 +89,9 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { } catch (Exception e) { Logger.error("Error decoding STORKAuthnRequest", e); } +*/ - MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest(); + MOASTORKRequest STORK2Request = new MOASTORKRequest(); //extract STORK Response from HTTP Request @@ -99,7 +99,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { try { decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest")); } catch(NullPointerException e) { - Logger.error("Unable to retrieve STORK Response", e); + Logger.error("Unable to retrieve STORK Request", e); throw new MOAIDException("stork.04", null); } @@ -107,13 +107,26 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); STORKAuthnRequest authnRequest = null; + STORKAttrQueryRequest attrRequest = null; + // check if valid authn request is contained try { authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() ); } + + // check if a valid attr request is container + try { + attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken); + } catch (STORKSAMLEngineException ex) { + Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() ); + } + + + + Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL()); Logger.error("cc " + authnRequest.getCitizenCountryCode()); Logger.error("iss " + authnRequest.getIssuer()); @@ -121,7 +134,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.error("spi " + authnRequest.getSpInstitution()); STORK2Request.setSTORKAuthnRequest(authnRequest); - + STORK2Request.setSTORKAttrRequest(attrRequest); return STORK2Request; } |