aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java95
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java)46
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java25
4 files changed, 100 insertions, 76 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index e10c4d9d9..91326a51d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -3,91 +3,77 @@ package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
-import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
-import edu.emory.mathcs.backport.java.util.Collections;
-import eu.stork.peps.auth.commons.*;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import org.apache.commons.io.IOUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
-import org.opensaml.xml.util.Base64;
-import org.opensaml.xml.util.XMLHelper;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.*;
-import java.util.HashMap;
-import eu.stork.peps.auth.engine.SAMLEngine;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
/**
+ * Second request step - after authentication of the user is done and moasession obtained,
+ * process request and forward the user further to PEPS and/or other entities
+ *
* @author bsuzic
- * Date: 12/3/13, Time: 2:08 PM
*/
public class AuthenticationRequest implements IAction {
- /*
- Second request step - after authentication of the user is done and moasession obtained,
- process request and forward the user further to PEPS and/or other entities
- */
private VelocityEngine velocityEngine;
private AuthenticationSession moaSession;
- private MOASTORKAuthnRequest moaStorkAuthnRequest;
+ private MOASTORKRequest moaStorkRequest;
public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
this.moaSession = moasession;
- this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req;
-
- try {
- MISMandate mandate = moasession.getMISMandate();
- String owbpk = mandate.getOWbPK();
- byte[] mand = mandate.getMandate();
- String profprep = mandate.getProfRep();
- //String textdesc = mandate.getTextualDescriptionOfOID();
- Element mndt = moasession.getMandate();
+ this.moaStorkRequest = (MOASTORKRequest) req;
+
+ if (moasession.getUseMandate()) {
+ try {
+ MISMandate mandate = moasession.getMISMandate();
+ String owbpk = mandate.getOWbPK();
+ byte[] mand = mandate.getMandate();
+ String profprep = mandate.getProfRep();
+ //String textdesc = mandate.getTextualDescriptionOfOID();
+ Element mndt = moasession.getMandate();
+
+ iterate(mndt.getAttributes());
+ Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
+ } catch (Exception x) {
+ Logger.debug("There is no mandate used in transaction");
+ }
+ }
- iterate(mndt.getAttributes());
- Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
- } catch (Exception x) {}
Logger.debug("Starting AuthenticationRequest");
- //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession);
- Logger.debug("Http Response: " + httpResp.toString() + ", ");
- Logger.debug("Remote user: " + httpReq.getRemoteAddr());
- Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget());
httpResp.reset();
STORKAuthnResponse authnResponse = new STORKAuthnResponse();
- authnResponse.setCountry(((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getSpCountry());
-
+ authnResponse.setCountry(((MOASTORKRequest) req).getStorkAuthnRequest().getSpCountry());
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() });
+ throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
// Prepare basic AT attributes
try {
- IPersonalAttributeList moaAttrList = moasession.getStorkAttributes();
+ IPersonalAttributeList moaAttrList = moasession.getStorkAttributes();
Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size());
@@ -114,13 +100,13 @@ public class AuthenticationRequest implements IAction {
DataContainer container = new DataContainer();
// - fill in the request we extracted above
- container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest());
-
+ container.setRequest(((MOASTORKRequest) req).getStorkAuthnRequest());
+
// - fill in the partial response created above
container.setResponse(authnResponse);
-
+
// - memorize the target url were we have to return the result
- container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
+ container.setTarget(((MOASTORKRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
container.setRemoteAddress(httpReq.getRemoteAddr());
@@ -141,24 +127,25 @@ public class AuthenticationRequest implements IAction {
Logger.debug("--Attribute: "
+ attributesList.item(j).getNodeName() + " = "
+ attributesList.item(j).getNodeValue());
- } }
+ }
+ }
public PersonalAttributeList populateAttributes() {
- IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList();
- Logger.info("Found " + attrLst.size() + " personal attributes in the request." );
+ IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList();
+ Logger.info("Found " + attrLst.size() + " personal attributes in the request.");
// Define attribute list to be populated
PersonalAttributeList attributeList = new PersonalAttributeList();
- MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkAuthnRequest);
+ MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest);
try {
for (PersonalAttribute personalAttribute : attrLst) {
Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());
moaAttributeProvider.populateAttribute(attributeList, personalAttribute);
}
- } catch (Exception e) {
+ } catch (Exception e) {
Logger.error("Exception, attributes: " + e.getMessage());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 190a0d27c..d89fb8cb2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -22,7 +22,7 @@ public class MOAAttributeProvider {
private final IdentityLink identityLink;
private static final Map<String, String> storkAttributeSimpleMapping;
private static final Map<String, String> storkAttributeFunctionMapping;
- private final MOASTORKAuthnRequest moastorkAuthnRequest;
+ private final MOASTORKRequest moastorkRequest;
static {
Map<String, String> tempSimpleMap = new HashMap<String, String>();
@@ -35,9 +35,9 @@ public class MOAAttributeProvider {
storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap);
}
- public MOAAttributeProvider(IdentityLink identityLink, MOASTORKAuthnRequest moastorkAuthnRequest) {
+ public MOAAttributeProvider(IdentityLink identityLink, MOASTORKRequest moastorkRequest) {
this.identityLink = identityLink;
- this.moastorkAuthnRequest = moastorkAuthnRequest;
+ this.moastorkRequest = moastorkRequest;
Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue());
}
@@ -70,9 +70,9 @@ public class MOAAttributeProvider {
}
private String geteIdentifier() {
- Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry());
+ Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry());
try {
- return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry());
+ return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkRequest.getStorkAuthnRequest().getSpCountry());
} catch (BuildException be) {
Logger.error("Stork eid could not be constructed; " + be.getMessage());
return null; // TODO error
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index cee64e16e..8c7fd8706 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -1,52 +1,76 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import org.opensaml.common.xml.SAMLConstants;
/**
+ * Implements MOA request and stores StorkAuthnRequest related data
+ *
* @author bsuzic
- * Date: 12/4/13, Time: 6:31 PM
*/
-public class MOASTORKAuthnRequest implements IRequest {
+public class MOASTORKRequest implements IRequest {
private String requestID;
private String target = null;
String module = null;
String action = null;
private STORKAuthnRequest storkAuthnRequest;
+ private STORKAttrQueryRequest storkAttrQueryRequest;
+ private boolean isAttrRequest = false;
+ private boolean isAuthnRequest = false;
public void setSTORKAuthnRequest(STORKAuthnRequest request) {
this.storkAuthnRequest = request;
+ if (request != null) {
+ isAuthnRequest = true;
+ }
}
+ public void setSTORKAttrRequest(STORKAttrQueryRequest request) {
+ this.storkAttrQueryRequest = request;
+ if (request != null) {
+ isAttrRequest = true;
+ }
+
+ }
+
+ public boolean isAttrRequest() {
+ return this.isAttrRequest;
+ }
+
+ public boolean isAuthnRequest() {
+ return this.isAuthnRequest;
+ }
+
+
public STORKAuthnRequest getStorkAuthnRequest() {
return this.storkAuthnRequest;
}
public String getOAURL() {
- return "https://sp:8889/SP"; //
+ return storkAuthnRequest.getAssertionConsumerServiceURL();
}
public boolean isPassiv() {
- return false; //
+ return false;
}
public boolean forceAuth() {
- return false; //
+ return false;
}
public boolean isSSOSupported() {
- return false; //
+ return false;
}
public String requestedModule() {
- return this.module; //
+ return this.module;
}
public String requestedAction() {
- return action; //
+ return action;
}
public void setModule(String module) {
@@ -58,7 +82,7 @@ public class MOASTORKAuthnRequest implements IRequest {
}
public String getTarget() {
- return this.target; //
+ return this.target;
}
public void setRequestID(String id) {
@@ -66,6 +90,6 @@ public class MOASTORKAuthnRequest implements IRequest {
}
public String getRequestID() {
- return this.requestID; //
+ return this.requestID;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 042d61080..28a516d2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -5,13 +5,12 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.ws.transport.http.HTTPInTransport;
import org.opensaml.ws.transport.http.HTTPOutTransport;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
@@ -20,7 +19,6 @@ import eu.stork.peps.auth.commons.STORKAuthnRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.util.Collections;
import java.util.HashMap;
/**
@@ -81,6 +79,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext();
samlMessageContext.setInboundMessageTransport(profileReq);
+/*
HTTPPostDecoder postDecoder = new HTTPPostDecoder();
postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator
@@ -90,8 +89,9 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
} catch (Exception e) {
Logger.error("Error decoding STORKAuthnRequest", e);
}
+*/
- MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest();
+ MOASTORKRequest STORK2Request = new MOASTORKRequest();
//extract STORK Response from HTTP Request
@@ -99,7 +99,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
try {
decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest"));
} catch(NullPointerException e) {
- Logger.error("Unable to retrieve STORK Response", e);
+ Logger.error("Unable to retrieve STORK Request", e);
throw new MOAIDException("stork.04", null);
}
@@ -107,13 +107,26 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming");
STORKAuthnRequest authnRequest = null;
+ STORKAttrQueryRequest attrRequest = null;
+ // check if valid authn request is contained
try {
authnRequest = engine.validateSTORKAuthnRequest(decSamlToken);
} catch (STORKSAMLEngineException ex) {
Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() );
}
+
+ // check if a valid attr request is container
+ try {
+ attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken);
+ } catch (STORKSAMLEngineException ex) {
+ Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() );
+ }
+
+
+
+
Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL());
Logger.error("cc " + authnRequest.getCitizenCountryCode());
Logger.error("iss " + authnRequest.getIssuer());
@@ -121,7 +134,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
Logger.error("spi " + authnRequest.getSpInstitution());
STORK2Request.setSTORKAuthnRequest(authnRequest);
-
+ STORK2Request.setSTORKAttrRequest(attrRequest);
return STORK2Request;
}