diff options
Diffstat (limited to 'id/server/idserverlib/src/main')
3 files changed, 359 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index e69de29bb..49b6bba8a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -0,0 +1,160 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.mw.messages.saml.STORKAuthnRequest; +import eu.stork.vidp.api.messages.StartAuthResponse; +import eu.stork.vidp.messages.stork.SpInstitution; +import eu.stork.vidp.messages.util.SAMLUtil; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; +import org.opensaml.xml.util.Base64; +import org.opensaml.xml.util.XMLHelper; + +import javax.servlet.ServletOutputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.OutputStreamWriter; +import java.io.Writer; +import java.util.HashMap; + +/** + * @author bsuzic + * Date: 12/3/13, Time: 2:08 PM + */ + +public class AuthenticationRequest implements IAction { + /* + Second request step - after authentication of the user is done and moasession obtained, + process request and forward the user further to PEPS and/or other entities + */ + + + private VelocityEngine velocityEngine; + + + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + Logger.debug("Starting AuthenticationRequest"); + //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); + Logger.debug("Http Response: " + httpResp.toString() + ", "); + Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget()); + httpResp.reset(); + //httpResp.addHeader("Location", "http:/www.google.com"); + if (req instanceof STORKAuthnRequestDEL) { + Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel()); + StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest()); + + HttpSession httpSession = httpReq.getSession(); + httpSession.setAttribute("STORKSessionID", "12345"); + httpResp.setStatus(startAuthResponse.getHttpStatusCode()); + try { + ServletOutputStream os = httpResp.getOutputStream(); + String html = new String(startAuthResponse.getContent()); + + + if (html.contains("<![CDATA[")) { + Logger.info("-------- content contains <![CDATA[-----------------"); + Logger.info("-------- content contains html -----------------"); + Logger.info("HTML : " + html); + int beginIndex = html.indexOf("<![CDATA["); + int endIndex = html.indexOf("]]>"); + html = html.substring(beginIndex + 9, endIndex); + startAuthResponse.setContent(html.getBytes()); + + } + Logger.info("HTML : " + html); + + os.write(startAuthResponse.getContent()); + Logger.info("Response sent to client"); + } catch (IOException e) { + Logger.error("ERROR MOA"); + throw new MOAIDException("error response sending", new Object[]{}); + } + //httpSession.setAttribute("CCC", ccc); + } + + + //httpResp.setStatus(200); + //VPEPSInboundPostHandler + + + return "12345"; // AssertionId + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + return true; + } + + + public StartAuthResponse getStartAuthResponse(STORKAuthnRequest authnRequest) { + + StartAuthResponse authResponse = new StartAuthResponse(500, null, new HashMap<String, String>()); + + if (authnRequest.getSPID() != null) { + Logger.debug("SP id: " + authnRequest.getSPID()); + } else { + SpInstitution spInstitution = (SpInstitution)authnRequest.getExtensions().getUnknownXMLObjects(SpInstitution.DEFAULT_ELEMENT_NAME).get(0); + Logger.debug("SP institution: " + spInstitution.getValue()); + } + + Logger.debug("SPEPS issuer: " + authnRequest.getIssuer().getValue()); + Logger.debug("SPEPS Consumer URL: " + authnRequest.getAssertionConsumerServiceURL()); + + + + try { + + initVelocityEngine(); + VelocityContext velocityContext = new VelocityContext(); + + velocityContext.put("action", authnRequest.getDestination()); + if (authnRequest.getDOM() == null) { + SAMLUtil.marshallMessage(authnRequest); + } + + String messageXML = XMLHelper.nodeToString(authnRequest.getDOM()); + String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES); + velocityContext.put("SAMLRequest", encodedMessage); + ByteArrayOutputStream outStream = new ByteArrayOutputStream(); + + Writer out = new OutputStreamWriter(outStream, "UTF-8"); + velocityEngine.mergeTemplate("/templates/saml2-post-binding.vm", "UTF-8", velocityContext, out); + out.flush(); + authResponse.setContent(outStream.toByteArray()); + + authResponse.addHeader("Content-Type", "text/html; charset=utf-8"); + authResponse.addHeader("Cache-Control", "no-cache"); + authResponse.setHttpStatusCode(200); + + } catch (Exception e) { + Logger.error("ERROR"); + } + + + return authResponse; + } + + public String getDefaultActionName() { + return STORKProtocol.AUTHENTICATIONREQUEST; + } + + + private void initVelocityEngine() throws Exception { + velocityEngine = new VelocityEngine(); + velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + velocityEngine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + + velocityEngine.init(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java index e69de29bb..9e3e7f53d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java @@ -0,0 +1,72 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.moduls.IRequest; +import eu.stork.mw.messages.saml.STORKAuthnRequest; +import eu.stork.vidp.messages.saml.impl.STORKAuthnRequestImpl; +import org.opensaml.common.xml.SAMLConstants; + +/** + * @author bsuzic + * Date: 12/4/13, Time: 6:31 PM + */ +//public class STORKAuthnRequestDEL extends STORKAuthnRequestImpl implements IRequest { + +public class STORKAuthnRequestDEL implements IRequest { + private String requestID; + private String target = null; + String module = null; + String action = null; + private STORKAuthnRequest storkAuthnRequest; + + public void setSTORKAuthnRequest(STORKAuthnRequestImpl request) { + this.storkAuthnRequest = request; + } + + public STORKAuthnRequest getStorkAuthnRequest() { + return this.storkAuthnRequest; + } + + public String getOAURL() { + return "https://sp:8889/SP"; // + } + + public boolean isPassiv() { + return false; // + } + + public boolean forceAuth() { + return false; // + } + + public boolean isSSOSupported() { + return false; // + } + + public String requestedModule() { + return this.module; // + } + + public String requestedAction() { + return action; // + } + + public void setModule(String module) { + this.module = module; + } + + public void setAction(String action) { + this.action = action; + } + + public String getTarget() { + return this.target; // + } + + public void setRequestID(String id) { + this.requestID = id; + } + + public String getRequestID() { + return this.requestID; // + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java index e69de29bb..15096083e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java @@ -0,0 +1,127 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.mw.messages.saml.STORKAuthnRequest; +import eu.stork.vidp.messages.saml.impl.STORKAuthnRequestImpl; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; +import org.opensaml.ws.transport.http.HTTPInTransport; +import org.opensaml.ws.transport.http.HTTPOutTransport; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Collections; +import java.util.HashMap; + +/** + * Stork 2 Protocol Support + * Date: 11/29/13, Time: 12:32 PM + * @author bsuzic + */ +public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { + + public static final String NAME = STORKProtocol.class.getName(); + public static final String PATH = "id_stork2"; + + public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; + + private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + + static { + + actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); + + instance = new STORKProtocol(); + } + + private static STORKProtocol instance = null; + + + public String getName() { + return NAME; + } + + public String getPath() { + return PATH; + } + + public IAction getAction(String action) { + return actions.get(action); + } + + /* + First request step - send it to BKU selection for user authentication. After the user credentials + and other info are obtained, in the second step the request will be processed and the user redirected + */ + public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { + Logger.debug("Starting preprocessing"); + Logger.debug("Got request: " + request.toString()); + Logger.debug("Request method: " + request.getMethod()); + for (Object o : Collections.list(request.getHeaderNames())) { + Logger.debug("Request header: " + o.toString() + ":::" + request.getHeader(o.toString())); + } + for (Object o : Collections.list(request.getParameterNames())) { + Logger.debug("Request parameter: " + o.toString() + "::::" + request.getParameter(o.toString())); + } + + Logger.debug("Request content length: " + request.getContentLength()); + Logger.debug("Request query: " + request.getQueryString()); + Logger.debug("Response: " + response.toString()); + Logger.debug("Action: " + action); + + Logger.debug("Processing saml request"); + String SAMLRequest = request.getParameter("SAMLRequest"); + + HTTPInTransport profileReq = new HttpServletRequestAdapter(request); + HTTPOutTransport profileResp = new HttpServletResponseAdapter(response, request.isSecure()); + + + BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); + samlMessageContext.setInboundMessageTransport(profileReq); + + HTTPPostDecoder postDecoder = new HTTPPostDecoder(); + postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator + + try { + Logger.debug("Attempting to decode request..."); + postDecoder.decode(samlMessageContext); + } catch (Exception e) { + Logger.error("Error decoding STORKAuthnRequest", e); + } + + STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage(); + //STORKAuthnRequestDEL STORK2Request = (STORKAuthnRequestDEL)samlMessageContext.getInboundSAMLMessage(); + STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL(); + STORK2Request.setSTORKAuthnRequest(ST2Req); + + Logger.debug("STORK2 Citizen code: " + ST2Req.getCitizenCountryCode()); + Logger.debug("STORK2 QAA: " + ST2Req.getQAALevel()); + Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString()); + + + return STORK2Request; + } + + public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) { + return null; + } + + public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable { + return false; + } + + public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { + return false; + } +} + + |