aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java160
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java72
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java127
3 files changed, 359 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index e69de29bb..49b6bba8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -0,0 +1,160 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.vidp.api.messages.StartAuthResponse;
+import eu.stork.vidp.messages.stork.SpInstitution;
+import eu.stork.vidp.messages.util.SAMLUtil;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.runtime.RuntimeConstants;
+import org.opensaml.xml.util.Base64;
+import org.opensaml.xml.util.XMLHelper;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStreamWriter;
+import java.io.Writer;
+import java.util.HashMap;
+
+/**
+ * @author bsuzic
+ * Date: 12/3/13, Time: 2:08 PM
+ */
+
+public class AuthenticationRequest implements IAction {
+ /*
+ Second request step - after authentication of the user is done and moasession obtained,
+ process request and forward the user further to PEPS and/or other entities
+ */
+
+
+ private VelocityEngine velocityEngine;
+
+
+ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ Logger.debug("Starting AuthenticationRequest");
+ //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession);
+ Logger.debug("Http Response: " + httpResp.toString() + ", ");
+ Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget());
+ httpResp.reset();
+ //httpResp.addHeader("Location", "http:/www.google.com");
+ if (req instanceof STORKAuthnRequestDEL) {
+ Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel());
+ StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest());
+
+ HttpSession httpSession = httpReq.getSession();
+ httpSession.setAttribute("STORKSessionID", "12345");
+ httpResp.setStatus(startAuthResponse.getHttpStatusCode());
+ try {
+ ServletOutputStream os = httpResp.getOutputStream();
+ String html = new String(startAuthResponse.getContent());
+
+
+ if (html.contains("<![CDATA[")) {
+ Logger.info("-------- content contains <![CDATA[-----------------");
+ Logger.info("-------- content contains html -----------------");
+ Logger.info("HTML : " + html);
+ int beginIndex = html.indexOf("<![CDATA[");
+ int endIndex = html.indexOf("]]>");
+ html = html.substring(beginIndex + 9, endIndex);
+ startAuthResponse.setContent(html.getBytes());
+
+ }
+ Logger.info("HTML : " + html);
+
+ os.write(startAuthResponse.getContent());
+ Logger.info("Response sent to client");
+ } catch (IOException e) {
+ Logger.error("ERROR MOA");
+ throw new MOAIDException("error response sending", new Object[]{});
+ }
+ //httpSession.setAttribute("CCC", ccc);
+ }
+
+
+ //httpResp.setStatus(200);
+ //VPEPSInboundPostHandler
+
+
+ return "12345"; // AssertionId
+ }
+
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ return true;
+ }
+
+
+ public StartAuthResponse getStartAuthResponse(STORKAuthnRequest authnRequest) {
+
+ StartAuthResponse authResponse = new StartAuthResponse(500, null, new HashMap<String, String>());
+
+ if (authnRequest.getSPID() != null) {
+ Logger.debug("SP id: " + authnRequest.getSPID());
+ } else {
+ SpInstitution spInstitution = (SpInstitution)authnRequest.getExtensions().getUnknownXMLObjects(SpInstitution.DEFAULT_ELEMENT_NAME).get(0);
+ Logger.debug("SP institution: " + spInstitution.getValue());
+ }
+
+ Logger.debug("SPEPS issuer: " + authnRequest.getIssuer().getValue());
+ Logger.debug("SPEPS Consumer URL: " + authnRequest.getAssertionConsumerServiceURL());
+
+
+
+ try {
+
+ initVelocityEngine();
+ VelocityContext velocityContext = new VelocityContext();
+
+ velocityContext.put("action", authnRequest.getDestination());
+ if (authnRequest.getDOM() == null) {
+ SAMLUtil.marshallMessage(authnRequest);
+ }
+
+ String messageXML = XMLHelper.nodeToString(authnRequest.getDOM());
+ String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES);
+ velocityContext.put("SAMLRequest", encodedMessage);
+ ByteArrayOutputStream outStream = new ByteArrayOutputStream();
+
+ Writer out = new OutputStreamWriter(outStream, "UTF-8");
+ velocityEngine.mergeTemplate("/templates/saml2-post-binding.vm", "UTF-8", velocityContext, out);
+ out.flush();
+ authResponse.setContent(outStream.toByteArray());
+
+ authResponse.addHeader("Content-Type", "text/html; charset=utf-8");
+ authResponse.addHeader("Cache-Control", "no-cache");
+ authResponse.setHttpStatusCode(200);
+
+ } catch (Exception e) {
+ Logger.error("ERROR");
+ }
+
+
+ return authResponse;
+ }
+
+ public String getDefaultActionName() {
+ return STORKProtocol.AUTHENTICATIONREQUEST;
+ }
+
+
+ private void initVelocityEngine() throws Exception {
+ velocityEngine = new VelocityEngine();
+ velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+ velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+ velocityEngine.setProperty("classpath.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+
+ velocityEngine.init();
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java
index e69de29bb..9e3e7f53d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java
@@ -0,0 +1,72 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.vidp.messages.saml.impl.STORKAuthnRequestImpl;
+import org.opensaml.common.xml.SAMLConstants;
+
+/**
+ * @author bsuzic
+ * Date: 12/4/13, Time: 6:31 PM
+ */
+//public class STORKAuthnRequestDEL extends STORKAuthnRequestImpl implements IRequest {
+
+public class STORKAuthnRequestDEL implements IRequest {
+ private String requestID;
+ private String target = null;
+ String module = null;
+ String action = null;
+ private STORKAuthnRequest storkAuthnRequest;
+
+ public void setSTORKAuthnRequest(STORKAuthnRequestImpl request) {
+ this.storkAuthnRequest = request;
+ }
+
+ public STORKAuthnRequest getStorkAuthnRequest() {
+ return this.storkAuthnRequest;
+ }
+
+ public String getOAURL() {
+ return "https://sp:8889/SP"; //
+ }
+
+ public boolean isPassiv() {
+ return false; //
+ }
+
+ public boolean forceAuth() {
+ return false; //
+ }
+
+ public boolean isSSOSupported() {
+ return false; //
+ }
+
+ public String requestedModule() {
+ return this.module; //
+ }
+
+ public String requestedAction() {
+ return action; //
+ }
+
+ public void setModule(String module) {
+ this.module = module;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public String getTarget() {
+ return this.target; //
+ }
+
+ public void setRequestID(String id) {
+ this.requestID = id;
+ }
+
+ public String getRequestID() {
+ return this.requestID; //
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java
index e69de29bb..15096083e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java
@@ -0,0 +1,127 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.vidp.messages.saml.impl.STORKAuthnRequestImpl;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
+import org.opensaml.ws.transport.http.HTTPInTransport;
+import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Collections;
+import java.util.HashMap;
+
+/**
+ * Stork 2 Protocol Support
+ * Date: 11/29/13, Time: 12:32 PM
+ * @author bsuzic
+ */
+public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
+
+ public static final String NAME = STORKProtocol.class.getName();
+ public static final String PATH = "id_stork2";
+
+ public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
+
+ private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+
+ static {
+
+ actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
+
+ instance = new STORKProtocol();
+ }
+
+ private static STORKProtocol instance = null;
+
+
+ public String getName() {
+ return NAME;
+ }
+
+ public String getPath() {
+ return PATH;
+ }
+
+ public IAction getAction(String action) {
+ return actions.get(action);
+ }
+
+ /*
+ First request step - send it to BKU selection for user authentication. After the user credentials
+ and other info are obtained, in the second step the request will be processed and the user redirected
+ */
+ public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException {
+ Logger.debug("Starting preprocessing");
+ Logger.debug("Got request: " + request.toString());
+ Logger.debug("Request method: " + request.getMethod());
+ for (Object o : Collections.list(request.getHeaderNames())) {
+ Logger.debug("Request header: " + o.toString() + ":::" + request.getHeader(o.toString()));
+ }
+ for (Object o : Collections.list(request.getParameterNames())) {
+ Logger.debug("Request parameter: " + o.toString() + "::::" + request.getParameter(o.toString()));
+ }
+
+ Logger.debug("Request content length: " + request.getContentLength());
+ Logger.debug("Request query: " + request.getQueryString());
+ Logger.debug("Response: " + response.toString());
+ Logger.debug("Action: " + action);
+
+ Logger.debug("Processing saml request");
+ String SAMLRequest = request.getParameter("SAMLRequest");
+
+ HTTPInTransport profileReq = new HttpServletRequestAdapter(request);
+ HTTPOutTransport profileResp = new HttpServletResponseAdapter(response, request.isSecure());
+
+
+ BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext();
+ samlMessageContext.setInboundMessageTransport(profileReq);
+
+ HTTPPostDecoder postDecoder = new HTTPPostDecoder();
+ postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator
+
+ try {
+ Logger.debug("Attempting to decode request...");
+ postDecoder.decode(samlMessageContext);
+ } catch (Exception e) {
+ Logger.error("Error decoding STORKAuthnRequest", e);
+ }
+
+ STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage();
+ //STORKAuthnRequestDEL STORK2Request = (STORKAuthnRequestDEL)samlMessageContext.getInboundSAMLMessage();
+ STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL();
+ STORK2Request.setSTORKAuthnRequest(ST2Req);
+
+ Logger.debug("STORK2 Citizen code: " + ST2Req.getCitizenCountryCode());
+ Logger.debug("STORK2 QAA: " + ST2Req.getQAALevel());
+ Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString());
+
+
+ return STORK2Request;
+ }
+
+ public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
+ return null;
+ }
+
+ public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable {
+ return false;
+ }
+
+ public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
+ return false;
+ }
+}
+
+