diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java')
6 files changed, 159 insertions, 94 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 7801f9a54..2735fde68 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -1,11 +1,13 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import java.io.StringWriter; import java.util.ArrayList; import java.util.List; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -17,10 +19,19 @@ import at.gv.egovernment.moa.logging.Logger; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; /** * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins. @@ -32,54 +43,56 @@ import eu.stork.peps.auth.commons.PersonalAttribute; * */ public class AttributeCollector implements IAction { - - /** The Constant ARTIFACT_ID. */ - private static final String ARTIFACT_ID = "artifactId"; - + + /** + * The Constant ARTIFACT_ID. + */ + private static final String ARTIFACT_ID = "artifactId"; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) */ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { - // read configuration parameters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); - - // find the attribute provider plugin that can handle the response - IPersonalAttributeList newAttributes = null; - for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) - try { - newAttributes = current.parse(httpReq); - } catch (UnsupportedAttributeException e1) { - // the current provider cannot find anything familiar within the - // provided httpreq. Try the next one. - } - - if (null == newAttributes) { - // we do not have a provider which is capable of fetching something - // from the received httpreq. - // TODO should we continue with the next attribute? - Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); - throw new MOAIDException("stork.11", null); - } + // read configuration parameters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); - // - fetch the container - String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); - DataContainer container; - try { - container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); - } catch (MOADatabaseException e) { - Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); - throw new MOAIDException("stork.11", null); - } + // find the attribute provider plugin that can handle the response + IPersonalAttributeList newAttributes = null; + for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) + try { + newAttributes = current.parse(httpReq); + + // stop as soon as we hit a capable plugin + break; + } catch (UnsupportedAttributeException e1) { + // the current provider cannot find anything familiar within the + // provided httpreq. Try the next one. + } - // - insert the embedded attribute(s) into the container - for(PersonalAttribute current : newAttributes) - container.getResponse().getPersonalAttributeList().add(current); - - // see if we need some more attributes - return processRequest(container, httpReq, httpResp, moasession, oaParam); + if (null == newAttributes) { + // we do not have a provider which is capable of fetching something + // from the received httpreq. + Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); + } + + // - fetch the container + String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); + DataContainer container; + try { + container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); + } catch (MOADatabaseException e) { + Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); + throw new MOAIDException("stork.11", null); + } + + // - insert the embedded attribute(s) into the container + addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes); + + // see if we need some more attributes + return processRequest(container, httpReq, httpResp, moasession, oaParam); } /** @@ -92,8 +105,6 @@ public class AttributeCollector implements IAction { */ public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { // check if there are attributes we need to fetch - this.httpResp = response; - this.container = container; IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); @@ -106,31 +117,42 @@ public class AttributeCollector implements IAction { try { // for each attribute still missing for (PersonalAttribute currentAttribute : missingAttributes) { - // - check if we can find a suitable AttributeProvider Plugin + + /* + * prefill attributes with "notAvailable". If we get them later, we override the value and status. + * This way, there is no error case in which an attribute is left unanswered. + */ + IPersonalAttributeList aquiredAttributes = new PersonalAttributeList(); + currentAttribute.setStatus("notAvailable"); + addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes); + + // - check if we can find a suitable AttributeProvider Plugin for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { try { // - hand over control to the suitable plugin - IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); - - // - add the aquired attribute to the container - for (PersonalAttribute current : aquiredAttributes) - container.getResponse().getPersonalAttributeList().add(current); + aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); + break; } catch (UnsupportedAttributeException e) { // ok, try the next attributeprovider } catch (MOAIDException e) { // the current plugin had an error. Try the next one. - // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop } - } + + // check if we could fetch the attribute + if (null == aquiredAttributes) { + // if not + Logger.error("We have no suitable plugin for obtaining the attribute '" + currentAttribute.getName() + "'"); + } else + // else, update any existing attributes + addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes); } // build response - generateSTORKResponse(); + generateSTORKResponse(container); // set new http response - generateRedirectResponse(); - response = httpResp; + generateRedirectResponse(response, container); return "12345"; // AssertionId @@ -145,23 +167,25 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); - + e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getSpCountry(), request, response, oaParam); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? - Logger.error("Error putting incomplete Stork response into temporary storage", e); + Logger.error("Error putting incomplete Stork response into temporary storage", e1); throw new MOAIDException("stork.11", null); } return "12345"; // TODO what to do here? } - - } - - private void generateSTORKResponse() throws MOAIDException { + /** + * generates binary response from given response class. + * + * @param container the container + * @throws MOAIDException the mOAID exception + */ + private void generateSTORKResponse(DataContainer container) throws MOAIDException { STORKAuthnResponse authnResponse = container.getResponse(); STORKAuthnRequest authnRequest = container.getRequest(); @@ -179,36 +203,31 @@ public class AttributeCollector implements IAction { } Logger.info("STORK SAML Response message succesfully generated "); - String statusCodeValue = authnResponse.getStatusCode(); - - try { - Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); - Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works - Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); - - } catch (IOException e) { - e.printStackTrace(); - } + Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); + Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); + Logger.debug("authn saml encodedx: " + PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml())); container.setResponse(authnResponse); - } - - private void generateRedirectResponse() { + /** + * writes the storkresponse to the httpresponse using the velocity engine. + * + * @param httpResp the http resp + * @param container the container + */ + private void generateRedirectResponse(HttpServletResponse httpResp, DataContainer container) { STORKAuthnResponse authnResponse = container.getResponse(); STORKAuthnRequest authnRequest = container.getRequest(); - // preparing redirection for the client - try { VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); VelocityContext context = new VelocityContext(); - context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); - Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml()).getBytes()); + Logger.debug("SAMLResponse original: " + new String(authnResponse.getTokenSaml()).getBytes()); Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL()); context.put("action", authnRequest.getAssertionConsumerServiceURL()); @@ -222,19 +241,30 @@ public class AttributeCollector implements IAction { Logger.debug("Sending html content: " + writer.getBuffer().toString()); Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); - httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); } catch (Exception e) { Logger.error("Velocity error: " + e.getMessage()); } - - //HttpSession httpSession = this.httpResp.getSession(); - //httpSession.setAttribute("STORKSessionID", "12345"); - //Logger.info("Status code again: " + authnResponse.getStatusCode()); - - //return "12345"; // AssertionId } + + /** + * Adds or updates all {@link PersonalAttribute} objects given in {@code source} to/in {@code target}. + * + * @param target the target + * @param source the source + */ + private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) { + for (PersonalAttribute current : source) { + // check if we need to update the current pa + if (target.containsKey(current.getName())) { + target.get(current.getName()).setStatus(current.getStatus()); + target.get(current.getName()).setValue(current.getValue()); + target.get(current.getName()).setComplexValue(current.getComplexValue()); + } else + target.add(current); + } + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index 59376fef6..6fba91fde 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -34,13 +34,13 @@ public interface AttributeProvider { * Perform redirect. * * @param url the return URL ending with ?artifactId=... - * @param citizenCountyCode the citizen county code + * @param spCountyCode the sp county code * @param req the request we got from the S-PEPS and for which we have to ask our APs * @param resp the response to the preceding request * @param oaParam the oa param - * @throws MOAIDException + * @throws MOAIDException the mOAID exception */ - public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException; + public void performRedirect(String url, String spCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException; /** * Parses the response we got from the external attribute provider. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java index 40c827ef8..a1c40526d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java @@ -23,6 +23,9 @@ public class DataContainer implements Serializable { /** The target. */ private String target; + /** The remote address. */ + private String remoteAddress; + /** * Gets the request. * @@ -76,4 +79,22 @@ public class DataContainer implements Serializable { public void setTarget(String target) { this.target = target; } + + /** + * Gets the remote address. + * + * @return the remote address + */ + public String getRemoteAddress() { + return remoteAddress; + } + + /** + * Sets the remote address. + * + * @param remoteAddress the new remote address + */ + public void setRemoteAddress(String remoteAddress) { + this.remoteAddress = remoteAddress; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 8b96e0d10..4404af4e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -204,7 +204,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter) */ @Override - public void performRedirect(String url, String citizenCountyCode, + public void performRedirect(String url, String spCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { // there is no redirect required diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java index 29b09487b..56f31723c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java @@ -1,12 +1,27 @@ package at.gv.egovernment.moa.id.protocols.stork2; public class ExternalAttributeRequestRequiredException extends Exception { + + /** The Constant serialVersionUID. */ + private static final long serialVersionUID = 5207631348933518908L; + + /** The ap. */ private AttributeProvider ap; + /** + * Instantiates a new external attribute request required exception. + * + * @param provider the provider + */ public ExternalAttributeRequestRequiredException(AttributeProvider provider) { ap = provider; } + /** + * Gets the ap. + * + * @return the ap + */ public AttributeProvider getAp() { return ap; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index bd6f192dc..5efdfd117 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -91,13 +91,11 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) */ - @Override - public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { + public void performRedirect(String url, String spCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { String spSector = "Business"; String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; - String spCountry = "AT"; //generate AuthnRquest STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest(); @@ -106,12 +104,13 @@ public class StorkAttributeRequestProvider implements AttributeProvider { attributeRequest.setIssuer(HTTPUtils.getBaseURL(req)); attributeRequest.setQaa(oaParam.getQaaLevel()); attributeRequest.setSpInstitution(spInstitution); - attributeRequest.setCountry(spCountry); + attributeRequest.setCountry(spCountryCode); + attributeRequest.setSpCountry(spCountryCode); attributeRequest.setSpApplication(spApplication); attributeRequest.setSpSector(spSector); attributeRequest.setPersonalAttributeList(requestedAttributes); - attributeRequest.setCitizenCountryCode(citizenCountryCode); + attributeRequest.setCitizenCountryCode("AT"); Logger.debug("STORK AttrRequest succesfully assembled."); |