diff options
Diffstat (limited to 'id/server/idserverlib/src/main')
12 files changed, 711 insertions, 493 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index bd87737ed..226d05520 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -2,19 +2,19 @@ * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * + * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works @@ -46,91 +46,141 @@ package at.gv.egovernment.moa.id.auth.builder; -import java.security.MessageDigest; - import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; +import java.security.MessageDigest; + /** * Builder for the bPK, as defined in * <code>"Ableitung f¨r die bereichsspezifische Personenkennzeichnung"</code> * version <code>1.0.1</code> from <code>"reference.e-government.gv.at"</code>. - * + * * @author Paul Schamberger * @version $Id$ */ public class BPKBuilder { - /** - * Builds the bPK from the given parameters. - * @param identificationValue Base64 encoded "Stammzahl" - * @param target "Bereich lt. Verordnung des BKA" - * @return bPK in a BASE64 encoding - * @throws BuildException if an error occurs on building the bPK - */ - public String buildBPK(String identificationValue, String target) - throws BuildException { - - if ((identificationValue == null || - identificationValue.length() == 0 || - target == null || - target.length() == 0)) - { - throw new BuildException("builder.00", - new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" + - identificationValue + ",target=" + target}); + /** + * Builds the bPK from the given parameters. + * + * @param identificationValue Base64 encoded "Stammzahl" + * @param target "Bereich lt. Verordnung des BKA" + * @return bPK in a BASE64 encoding + * @throws BuildException if an error occurs on building the bPK + */ + public String buildBPK(String identificationValue, String target) + throws BuildException { + + if ((identificationValue == null || + identificationValue.length() == 0 || + target == null || + target.length() == 0)) { + throw new BuildException("builder.00", + new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" + + identificationValue + ",target=" + target}); + } + String basisbegriff; + if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) + basisbegriff = identificationValue + "+" + target; + else + basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; + + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = Base64Utils.encode(hash); + return hashBase64; + } catch (Exception ex) { + throw new BuildException("builder.00", new Object[]{"bPK", ex.toString()}, ex); + } } - String basisbegriff; - if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) - basisbegriff = identificationValue + "+" + target; - else - basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; - - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); - String hashBase64 = Base64Utils.encode(hash); - return hashBase64; - } catch (Exception ex) { - throw new BuildException("builder.00", new Object[] {"bPK", ex.toString()}, ex); + + /** + * Builds the wbPK from the given parameters. + * + * @param identificationValue Base64 encoded "Stammzahl" + * @param registerAndOrdNr type of register + "+" + number in register. + * @return wbPK in a BASE64 encoding + * @throws BuildException if an error occurs on building the wbPK + */ + public String buildWBPK(String identificationValue, String registerAndOrdNr) + throws BuildException { + + if ((identificationValue == null || + identificationValue.length() == 0 || + registerAndOrdNr == null || + registerAndOrdNr.length() == 0)) { + throw new BuildException("builder.00", + new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" + + identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); + } + + String basisbegriff; + if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+")) + basisbegriff = identificationValue + "+" + registerAndOrdNr; + else + basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; + + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = Base64Utils.encode(hash); + return hashBase64; + } catch (Exception ex) { + throw new BuildException("builder.00", new Object[]{"wbPK", ex.toString()}, ex); + } } - } - - /** - * Builds the wbPK from the given parameters. - * @param identificationValue Base64 encoded "Stammzahl" - * @param registerAndOrdNr type of register + "+" + number in register. - * @return wbPK in a BASE64 encoding - * @throws BuildException if an error occurs on building the wbPK - */ - public String buildWBPK(String identificationValue, String registerAndOrdNr) - throws BuildException { - - if ((identificationValue == null || - identificationValue.length() == 0 || - registerAndOrdNr == null || - registerAndOrdNr.length() == 0)) - { - throw new BuildException("builder.00", - new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + - identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); + + /** + * Builds the storkeid from the given parameters. + * + * @param identificationValue Base64 encoded "Stammzahl" + * @param destinationCountry destination country code (2 chars) + * @return storkid in a BASE64 encoding + * @throws BuildException if an error occurs on building the wbPK + */ + public String buildStorkbPK(String identificationValue, String destinationCountry) + throws BuildException { + return buildStorkbPK(identificationValue, "AT", destinationCountry); } - - String basisbegriff; - if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+" )) - basisbegriff = identificationValue + "+" + registerAndOrdNr; - else - basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; - - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); - String hashBase64 = Base64Utils.encode(hash); - return hashBase64; - } catch (Exception ex) { - throw new BuildException("builder.00", new Object[] {"wbPK", ex.toString()}, ex); + + + /** + * Builds the storkeid from the given parameters. + * + * @param identificationValue Base64 encoded "Stammzahl" + * @param sourceCountry source country code (2 chars) + * @param destinationCountry destination country code (2 chars) + * @return storkid in a BASE64 encoding + * @throws BuildException if an error occurs on building the wbPK + */ + public String buildStorkbPK(String identificationValue, String sourceCountry, String destinationCountry) + throws BuildException { + + if ((identificationValue == null || + identificationValue.length() == 0 || + destinationCountry == null || + destinationCountry.length() == 0 || + sourceCountry == null || + sourceCountry.length() == 0)) { + throw new BuildException("builder.00", + new Object[]{"storkid", "Unvollständige Parameterangaben: identificationValue=" + + identificationValue + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry}); + } + + String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry; + + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = Base64Utils.encode(hash); + return hashBase64; + } catch (Exception ex) { + throw new BuildException("builder.00", new Object[]{"storkid", ex.toString()}, ex); + } } - } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index d655dc7f2..4dec2c32e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -68,6 +68,12 @@ public class STORKConfig { //List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = new ArrayList<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS>(); // TODO Change this
+ try {
+ cpeps = stork.getCPEPS();
+ } catch (NullPointerException ex) {
+ Logger.error("CPEPS not configured!");
+ }
+
cpepsMap = new HashMap<String, CPEPS>();
if (cpeps != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java index 65634bed3..b6fe20a61 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java @@ -2,19 +2,19 @@ * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * + * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works @@ -46,98 +46,120 @@ package at.gv.egovernment.moa.id.iaik.config; -import java.io.File; - import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; -import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.logging.Logger; import iaik.pki.store.certstore.CertStoreConfiguration; import iaik.pki.store.certstore.CertStoreParameters; import iaik.pki.store.certstore.CertStoreTypes; import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters; +import java.io.File; + /** * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code> + * * @author Paul Ivancsics * @version $Id$ */ -public class CertStoreConfigurationImpl extends ObservableImpl - implements CertStoreConfiguration, DirectoryCertStoreParameters { - /** identifies the rootDirectory */ - private String rootDirectory; - /** ConfigurationProvider */ - private ConfigurationProvider conf; - /** Array for storing all CertStoreParameters */ - private CertStoreParameters[] parameters; - - /** - * Create a new <code>CertStoreConfigurationImpl</code>. - * - * @param conf The MOA configuration from which the configuration data is - * @throws ConfigurationException an any config-error - * being read. - */ - public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { - this.conf=conf; - - String certStoreRootDirParam = conf.getCertstoreDirectory(); - - if (certStoreRootDirParam == null) - throw new ConfigurationException( - "config.08", new Object[] {"CertStoreDirectory"}); - - rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir()); - if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6); - File f = new File(rootDirectory); - if (!f.isDirectory()) - throw new ConfigurationException( - "config.05", new Object[] {"CertStoreDirectory"}); - - parameters = new CertStoreParameters[] { this }; - } - - /** - * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters() - */ - public CertStoreParameters[] getParameters() { - return parameters; - } - - /** - * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory() - */ - public String getRootDirectory() { - return rootDirectory; - } - - /** - * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew() - */ - public boolean createNew() { - return false; - } - - /** - * @see iaik.pki.store.certstore.CertStoreParameters#getId() - */ - public String getId() { - return "MOA ID Directory CertStore"; - } - - /** - * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly() - */ - public boolean isReadOnly() { - return false; - } - - /** - * @return <code>CertStoreTypes.DIRECTORY</code> - * @see iaik.pki.store.certstore.CertStoreParameters#getType() - */ - public String getType() { - return CertStoreTypes.DIRECTORY; - } +public class CertStoreConfigurationImpl extends ObservableImpl + implements CertStoreConfiguration, DirectoryCertStoreParameters { + /** + * identifies the rootDirectory + */ + private String rootDirectory; + /** + * ConfigurationProvider + */ + private ConfigurationProvider conf; + /** + * Array for storing all CertStoreParameters + */ + private CertStoreParameters[] parameters; + + /** + * Create a new <code>CertStoreConfigurationImpl</code>. + * + * @param conf The MOA configuration from which the configuration data is + * @throws ConfigurationException an any config-error + * being read. + */ + public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { + this.conf = conf; + + String certStoreRootDirParam = conf.getCertstoreDirectory(); + + if (certStoreRootDirParam == null) + throw new ConfigurationException( + "config.08", new Object[]{"CertStoreDirectory"}); + + //rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir()); + rootDirectory = certStoreRootDirParam; + Logger.error("Using file: " + rootDirectory); + if (rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(5); + Logger.error("Using file2: " + rootDirectory); + + File f = new File(rootDirectory); + //Logger.error("Using file: " + certStoreRootDirParam + " param: " + conf.getRootConfigFileDir()); + + if (!f.exists()) { + Logger.error("File does not exists: " + f.getAbsolutePath()); + throw new ConfigurationException( + "config.05", new Object[]{"CertStoreDirectory"}); + } + + if (!f.isDirectory()) { + Logger.error("File is not a directory: " + f.getAbsolutePath()); + throw new ConfigurationException( + "config.05", new Object[]{"CertStoreDirectory"}); + } + + + parameters = new CertStoreParameters[]{this}; + } + + /** + * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters() + */ + public CertStoreParameters[] getParameters() { + return parameters; + } + + /** + * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory() + */ + public String getRootDirectory() { + return rootDirectory; + } + + /** + * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew() + */ + public boolean createNew() { + return false; + } + + /** + * @see iaik.pki.store.certstore.CertStoreParameters#getId() + */ + public String getId() { + return "MOA ID Directory CertStore"; + } + + /** + * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly() + */ + public boolean isReadOnly() { + return false; + } + + /** + * @return <code>CertStoreTypes.DIRECTORY</code> + * @see iaik.pki.store.certstore.CertStoreParameters#getType() + */ + public String getType() { + return CertStoreTypes.DIRECTORY; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 3b78ef37c..57c68e94c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -1,11 +1,9 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import java.util.ArrayList; -import java.util.List; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -13,180 +11,254 @@ import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.commons.io.IOUtils; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; - -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; +import javax.servlet.http.HttpSession; +import java.io.IOException; +import java.io.StringWriter; +import java.util.ArrayList; +import java.util.List; /** * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins. * The class is called whenever the {@link AuthenticationRequest} Action is invoked and checks for missing attributes. * Furthermore, the class can handle direct posts. That is when the class triggers an attribute query which needs user * interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes. - * + * <p/> * TODO how do we treat mandatory and optional attributes? - * */ public class AttributeCollector implements IAction { - - /** The Constant ARTIFACT_ID. */ - private static final String ARTIFACT_ID = "artifactId"; - + + /** + * The Constant ARTIFACT_ID. + */ + private static final String ARTIFACT_ID = "artifactId"; + private DataContainer container; + private HttpServletResponse httpResp; + + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) */ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { - // read configuration parameters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); - - // find the attribute provider plugin that can handle the response - IPersonalAttributeList newAttributes = null; - for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) - try { - newAttributes = current.parse(httpReq); - } catch (UnsupportedAttributeException e1) { - // the current provider cannot find anything familiar within the - // provided httpreq. Try the next one. - } - - if (null == newAttributes) { - // we do not have a provider which is capable of fetching something - // from the received httpreq. - // TODO should we continue with the next attribute? - Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); - throw new MOAIDException("stork.11", null); - } - - // - fetch the container - String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); - DataContainer container; - try { - container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); - } catch (MOADatabaseException e) { - Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); - throw new MOAIDException("stork.11", null); - } - - // - insert the embedded attribute(s) into the container - for(PersonalAttribute current : newAttributes) - container.getResponse().getPersonalAttributeList().add(current); - - // see if we need some more attributes - return processRequest(container, httpReq, httpResp, moasession, oaParam); + this.httpResp = httpResp; + + // read configuration parameters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + + // find the attribute provider plugin that can handle the response + IPersonalAttributeList newAttributes = null; + for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) + try { + newAttributes = current.parse(httpReq); + } catch (UnsupportedAttributeException e1) { + // the current provider cannot find anything familiar within the + // provided httpreq. Try the next one. + // TODO check the loop + } + + if (null == newAttributes) { + // we do not have a provider which is capable of fetching something + // from the received httpreq. + // TODO should we continue with the next attribute? + Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); + throw new MOAIDException("stork.11", null); + } + + // - fetch the container + String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); + DataContainer container; + try { + container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); + } catch (MOADatabaseException e) { + Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); + throw new MOAIDException("stork.11", null); + } + + + + // - insert the embedded attribute(s) into the container + for (PersonalAttribute current : newAttributes) + container.getResponse().getPersonalAttributeList().add(current); + + // see if we need some more attributes + return processRequest(container, httpReq, httpResp, moasession, oaParam); } - + /** * Checks if there are missing attributes and tries to fetch them. If there are no more attribute to fetch, * this very method creates and sends the protocol result to the asking S-PEPS. * * @param container the {@link DataContainer} representing the status of the overall query. * @return the string - * @throws MOAIDException + * @throws MOAIDException */ public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { - // check if there are attributes we need to fetch - IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); - IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); - List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>(); - for(PersonalAttribute current : requestAttributeList) - if(!responseAttributeList.containsKey(current)) - missingAttributes.add(current); - - try { - // for each attribute still missing - for(PersonalAttribute currentAttribute : missingAttributes) { - // - check if we can find a suitable AttributeProvider Plugin - for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { - try { - // - hand over control to the suitable plugin - IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); - - // - add the aquired attribute to the container - for(PersonalAttribute current : aquiredAttributes) - container.getResponse().getPersonalAttributeList().add(current); - } catch(UnsupportedAttributeException e) { - // ok, try the next attributeprovider - } catch(MOAIDException e) { - // the current plugin had an error. Try the next one. - // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop - } - - } - } - } catch (ExternalAttributeRequestRequiredException e) { - // the attribute request is ongoing and requires an external service. - try { - // memorize the container again - // - generate new key - String newArtifactId = new SecureRandomIdentifierGenerator() - .generateIdentifier(); /* - Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel()); - StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest()); - - HttpSession httpSession = httpReq.getSession(); - httpSession.setAttribute("STORKSessionID", "12345"); - httpResp.setStatus(startAuthResponse.getHttpStatusCode()); - try { - ServletOutputStream os = httpResp.getOutputStream(); - String html = new String(startAuthResponse.getContent()); - - - if (html.contains("<![CDATA[")) { - Logger.info("-------- content contains <![CDATA[-----------------"); - Logger.info("-------- content contains html -----------------"); - Logger.info("HTML : " + html); - int beginIndex = html.indexOf("<![CDATA["); - int endIndex = html.indexOf("]]>"); - html = html.substring(beginIndex + 9, endIndex); - startAuthResponse.setContent(html.getBytes()); + // check if there are attributes we need to fetch + this.httpResp = response; + this.container = container; + + IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); + IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); + List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>(); + for (PersonalAttribute current : requestAttributeList) + if (!responseAttributeList.containsKey(current)) + missingAttributes.add(current); + + // Try to get all missing attributes + try { + // for each attribute still missing + for (PersonalAttribute currentAttribute : missingAttributes) { + // - check if we can find a suitable AttributeProvider Plugin + for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { + try { + // - hand over control to the suitable plugin + IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); + + // - add the aquired attribute to the container + for (PersonalAttribute current : aquiredAttributes) + container.getResponse().getPersonalAttributeList().add(current); + } catch (UnsupportedAttributeException e) { + // ok, try the next attributeprovider + } catch (MOAIDException e) { + // the current plugin had an error. Try the next one. + // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop + } + } - Logger.info("HTML : " + html); + } + + // build response + generateSTORKResponse(); + + // set new http response + generateRedirectResponse(); + response = httpResp; + + return "12345"; // AssertionId + + } catch (ExternalAttributeRequestRequiredException e) { + // the attribute request is ongoing and requires an external service. + try { + // memorize the container again + // - generate new key + String newArtifactId = new SecureRandomIdentifierGenerator() + .generateIdentifier(); + // - put container in temporary store. + AssertionStorage.getInstance().put(newArtifactId, container); + + // add container-key to redirect embedded within the return URL + e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); + - os.write(startAuthResponse.getContent()); - Logger.info("Response sent to client"); - } catch (IOException e) { - Logger.error("ERROR MOA"); - throw new MOAIDException("error response sending", new Object[]{}); + } catch (Exception e1) { + // TODO should we return the response as is to the PEPS? + Logger.error("Error putting incomplete Stork response into temporary storage", e); + throw new MOAIDException("stork.11", null); } - //httpSession.setAttribute("CCC", ccc); - */ + return "12345"; // TODO what to do here? + } + + + } + + + private void generateSTORKResponse() throws MOAIDException { + STORKAuthnResponse authnResponse = container.getResponse(); + STORKAuthnRequest authnRequest = container.getRequest(); + + try { + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + Logger.debug("Starting generation of SAML response"); + authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false); + + //generateSAML Token + Logger.info("SAML response succesfully generated!"); + } catch (STORKSAMLEngineException e) { + Logger.error("Failed to generate STORK SAML Response", e); + throw new MOAIDException("stork.05", null); } + Logger.info("STORK SAML Response message succesfully generated "); + String statusCodeValue = authnResponse.getStatusCode(); - //httpResp.setStatus(200); - //VPEPSInboundPostHandler + try { + Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); + Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works + Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); - // - put container in temporary store. - AssertionStorage.getInstance().put(newArtifactId, container); + } catch (IOException e) { + e.printStackTrace(); + } + + container.setResponse(authnResponse); + + } + + + private void generateRedirectResponse() { + STORKAuthnResponse authnResponse = container.getResponse(); + STORKAuthnRequest authnRequest = container.getRequest(); + + + // preparing redirection for the client + + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); + VelocityContext context = new VelocityContext(); + + context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + + Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL()); + context.put("action", authnRequest.getAssertionConsumerServiceURL()); + Logger.debug("Starting template merge"); + StringWriter writer = new StringWriter(); + + Logger.debug("Doing template merge"); + template.merge(context, writer); + Logger.debug("Template merge done"); + + Logger.debug("Sending html content: " + writer.getBuffer().toString()); + Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); + + + httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); + + } catch (Exception e) { + Logger.error("Velocity error: " + e.getMessage()); + } - // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); - } catch (Exception e1) { - // TODO should we return the response as is to the PEPS? - Logger.error("Error putting incomplete Stork response into temporary storage", e); - throw new MOAIDException("stork.11", null); - } + //HttpSession httpSession = this.httpResp.getSession(); + //httpSession.setAttribute("STORKSessionID", "12345"); + //Logger.info("Status code again: " + authnResponse.getStatusCode()); - return "12345"; // TODO what to do here? - } - // build response - // done - return "12345"; // AssertionId + //return "12345"; // AssertionId } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { - // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action. + // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action. return false; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 1f6ffaa9a..e10c4d9d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -1,11 +1,23 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; +import edu.emory.mathcs.backport.java.util.Collections; +import eu.stork.peps.auth.commons.*; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.commons.io.IOUtils; +import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; @@ -15,12 +27,12 @@ import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStreamWriter; -import java.io.Writer; +import java.io.*; import java.util.HashMap; import eu.stork.peps.auth.engine.SAMLEngine; +import org.w3c.dom.Element; +import org.w3c.dom.NamedNodeMap; + /** * @author bsuzic @@ -35,68 +47,88 @@ public class AuthenticationRequest implements IAction { private VelocityEngine velocityEngine; + private AuthenticationSession moaSession; + private MOASTORKAuthnRequest moaStorkAuthnRequest; public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + + this.moaSession = moasession; + this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req; + + try { + MISMandate mandate = moasession.getMISMandate(); + String owbpk = mandate.getOWbPK(); + byte[] mand = mandate.getMandate(); + String profprep = mandate.getProfRep(); + //String textdesc = mandate.getTextualDescriptionOfOID(); + Element mndt = moasession.getMandate(); + + iterate(mndt.getAttributes()); + Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); + } catch (Exception x) {} + Logger.debug("Starting AuthenticationRequest"); //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); Logger.debug("Http Response: " + httpResp.toString() + ", "); + Logger.debug("Remote user: " + httpReq.getRemoteAddr()); Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget()); httpResp.reset(); - //httpResp.addHeader("Location", "http:/www.google.com"); - if (req instanceof STORKAuthnRequestDEL) { - /* - Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel()); - StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest()); - - HttpSession httpSession = httpReq.getSession(); - httpSession.setAttribute("STORKSessionID", "12345"); - httpResp.setStatus(startAuthResponse.getHttpStatusCode()); - try { - ServletOutputStream os = httpResp.getOutputStream(); - String html = new String(startAuthResponse.getContent()); - - - if (html.contains("<![CDATA[")) { - Logger.info("-------- content contains <![CDATA[-----------------"); - Logger.info("-------- content contains html -----------------"); - Logger.info("HTML : " + html); - int beginIndex = html.indexOf("<![CDATA["); - int endIndex = html.indexOf("]]>"); - html = html.substring(beginIndex + 9, endIndex); - startAuthResponse.setContent(html.getBytes()); - } - Logger.info("HTML : " + html); - os.write(startAuthResponse.getContent()); - Logger.info("Response sent to client"); - } catch (IOException e) { - Logger.error("ERROR MOA"); - throw new MOAIDException("error response sending", new Object[]{}); + STORKAuthnResponse authnResponse = new STORKAuthnResponse(); + authnResponse.setCountry(((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getSpCountry()); + + + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); + + + // Prepare basic AT attributes + try { + IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); + Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); + + + for (PersonalAttribute personalAttribute : moaAttrList) { + Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); + if (personalAttribute.getValue().size() > 0) { + for (String value : personalAttribute.getValue()) { + Logger.info(" Value found: " + value); + } + } } - //httpSession.setAttribute("CCC", ccc); - */ + } catch (Exception e) { + Logger.error("Exception, attributes: " + e.getMessage()); } + // Get personal attributtes from MOA/IdentityLink + authnResponse.setPersonalAttributeList(populateAttributes()); + + // Prepare extended attributes + Logger.debug("Preparing data container"); - //httpResp.setStatus(200); - //VPEPSInboundPostHandler - // create fresh container DataContainer container = new DataContainer(); - + // - fill in the request we extracted above - container.setRequest(request); + container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest()); // - fill in the partial response created above - container.setResponse(response); + container.setResponse(authnResponse); // - memorize the target url were we have to return the result - container.setTarget(target); - - // see if we need to fetch further attributes - return (new AttributeCollector()).processRequest(container); + container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + + container.setRemoteAddress(httpReq.getRemoteAddr()); + + + Logger.debug("Data container prepared"); + + return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); + } public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { @@ -104,58 +136,40 @@ public class AuthenticationRequest implements IAction { } - /* + private void iterate(NamedNodeMap attributesList) { + for (int j = 0; j < attributesList.getLength(); j++) { + Logger.debug("--Attribute: " + + attributesList.item(j).getNodeName() + " = " + + attributesList.item(j).getNodeValue()); + } } - public StartAuthResponse getStartAuthResponse(STORKAuthnRequest authnRequest) { - StartAuthResponse authResponse = new StartAuthResponse(500, null, new HashMap<String, String>()); - - if (authnRequest.getSPID() != null) { - Logger.debug("SP id: " + authnRequest.getSPID()); - } else { - SpInstitution spInstitution = (SpInstitution)authnRequest.getExtensions().getUnknownXMLObjects(SpInstitution.DEFAULT_ELEMENT_NAME).get(0); - Logger.debug("SP institution: " + spInstitution.getValue()); - } - - Logger.debug("SPEPS issuer: " + authnRequest.getIssuer().getValue()); - Logger.debug("SPEPS Consumer URL: " + authnRequest.getAssertionConsumerServiceURL()); + public PersonalAttributeList populateAttributes() { + IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList(); + Logger.info("Found " + attrLst.size() + " personal attributes in the request." ); + // Define attribute list to be populated + PersonalAttributeList attributeList = new PersonalAttributeList(); + MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkAuthnRequest); try { - - initVelocityEngine(); - VelocityContext velocityContext = new VelocityContext(); - - velocityContext.put("action", authnRequest.getDestination()); - if (authnRequest.getDOM() == null) { - SAMLUtil.marshallMessage(authnRequest); + for (PersonalAttribute personalAttribute : attrLst) { + Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired()); + moaAttributeProvider.populateAttribute(attributeList, personalAttribute); } - - String messageXML = XMLHelper.nodeToString(authnRequest.getDOM()); - String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES); - velocityContext.put("SAMLRequest", encodedMessage); - ByteArrayOutputStream outStream = new ByteArrayOutputStream(); - - Writer out = new OutputStreamWriter(outStream, "UTF-8"); - velocityEngine.mergeTemplate("/templates/saml2-post-binding.vm", "UTF-8", velocityContext, out); - out.flush(); - authResponse.setContent(outStream.toByteArray()); - - authResponse.addHeader("Content-Type", "text/html; charset=utf-8"); - authResponse.addHeader("Cache-Control", "no-cache"); - authResponse.setHttpStatusCode(200); - - } catch (Exception e) { - Logger.error("ERROR"); + } catch (Exception e) { + Logger.error("Exception, attributes: " + e.getMessage()); } + Logger.debug("AUTHBLOCK " + moaSession.getAuthBlock()); + Logger.debug("TARGET " + moaSession.getTarget() + " " + moaSession.getTargetFriendlyName()); + Logger.debug("SESSION IDENTIFIER " + moaSession.getCcc() + " " + moaSession.getDomainIdentifier()); + Logger.debug("AUTHBLOCKTOKKEN" + moaSession.getAuthBlockTokken()); - return authResponse; + return attributeList; } - */ - public String getDefaultActionName() { return STORKProtocol.AUTHENTICATIONREQUEST; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java index 40c827ef8..44ad0000a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java @@ -22,8 +22,9 @@ public class DataContainer implements Serializable { /** The target. */ private String target; - - /** + private String remoteAddress; + + /** * Gets the request. * * @return the request @@ -76,4 +77,13 @@ public class DataContainer implements Serializable { public void setTarget(String target) { this.target = target; } + + /* + Sets IP address + */ + public void setRemoteAddress(String address) { this.remoteAddress = address; } + public String getRemoteAddress() { + return this.remoteAddress; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java new file mode 100644 index 000000000..190a0d27c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -0,0 +1,105 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; + +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +/** + * @author bsuzic + * Date: 2/19/14, Time: 4:42 PM + */ +public class MOAAttributeProvider { + private final IdentityLink identityLink; + private static final Map<String, String> storkAttributeSimpleMapping; + private static final Map<String, String> storkAttributeFunctionMapping; + private final MOASTORKAuthnRequest moastorkAuthnRequest; + + static { + Map<String, String> tempSimpleMap = new HashMap<String, String>(); + tempSimpleMap.put("givenName", "getGivenName"); + tempSimpleMap.put("surname", "getFamilyName"); + tempSimpleMap.put("dateOfBirth", "getDateOfBirth"); + storkAttributeSimpleMapping = Collections.unmodifiableMap(tempSimpleMap); + Map<String, String> tempFunctionMap = new HashMap<String, String>(); + tempFunctionMap.put("eIdentifier", "geteIdentifier"); + storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap); + } + + public MOAAttributeProvider(IdentityLink identityLink, MOASTORKAuthnRequest moastorkAuthnRequest) { + this.identityLink = identityLink; + this.moastorkAuthnRequest = moastorkAuthnRequest; + Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue()); + } + + public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) { + String storkAttribute = requestedAttribute.getName(); + + if (storkAttributeSimpleMapping.containsKey(storkAttribute)) { + Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]"); + try { + Method method = identityLink.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute)); + populateAttributeWithMethod(method, identityLink, attributeList, storkAttribute, requestedAttribute.isRequired()); + } catch (NoSuchMethodException e) { + Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute); + e.printStackTrace(); + } + + } else if (storkAttributeFunctionMapping.containsKey(storkAttribute)) { + + Logger.debug("Trying to get value for attribute using function mapping [" + storkAttribute + "]"); + try { + Method method = this.getClass().getDeclaredMethod(storkAttributeFunctionMapping.get(storkAttribute)); + populateAttributeWithMethod(method, this, attributeList, storkAttribute, requestedAttribute.isRequired()); + } catch (NoSuchMethodException e) { + Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute); + e.printStackTrace(); + } + } else { + Logger.debug("MOA method for extraction of attribute " + storkAttribute + " not defined."); + } + } + + private String geteIdentifier() { + Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry()); + try { + return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry()); + } catch (BuildException be) { + Logger.error("Stork eid could not be constructed; " + be.getMessage()); + return null; // TODO error + } + } + + + private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) { + try { + String attributeValue = method.invoke(object, new Class[]{}).toString(); + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName(storkAttribute); + + newAttribute.setStatus("Available"); + newAttribute.setIsRequired(isRequired); + Logger.debug("Got attribute value: " + attributeValue); + newAttribute.setValue(new ArrayList<String>(edu.emory.mathcs.backport.java.util.Collections.singletonList(attributeValue))); + attributeList.add(newAttribute); + } catch (InvocationTargetException e) { + Logger.error("Invocation target exception while getting attribute: " + storkAttribute); + e.printStackTrace(); + } catch (IllegalAccessException e) { + Logger.error("Illegal access exception while getting attribute: " + storkAttribute); + e.printStackTrace(); + } + } + + +} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java index c8a5ac84d..cee64e16e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java @@ -8,9 +8,8 @@ import org.opensaml.common.xml.SAMLConstants; * @author bsuzic * Date: 12/4/13, Time: 6:31 PM */ -//public class STORKAuthnRequestDEL extends STORKAuthnRequestImpl implements IRequest { -public class STORKAuthnRequestDEL implements IRequest { +public class MOASTORKAuthnRequest implements IRequest { private String requestID; private String target = null; String module = null; @@ -26,6 +25,7 @@ public class STORKAuthnRequestDEL implements IRequest { } public String getOAURL() { + return "https://sp:8889/SP"; // } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java deleted file mode 100644 index 54072b6a3..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java +++ /dev/null @@ -1,105 +0,0 @@ -package at.gv.egovernment.moa.id.protocols.stork2; - -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; -import at.gv.egovernment.moa.logging.Logger; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; -import org.opensaml.ws.transport.http.HTTPInTransport; - - -/** - * @author bsuzic - * Date: 1/22/14, Time: 5:30 PM - */ -public class STORKAuthnReq implements IRequest { - private String requestID; - private String target = null; - String module = null; - String action = null; - private STORKAuthnRequest storkAuthnRequest; - - public void setSTORKAuthnRequest(STORKAuthnRequest request) { - this.storkAuthnRequest = request; - } - - public STORKAuthnRequest getStorkAuthnRequest() { - return this.storkAuthnRequest; - } - - public void createStorkReq(HTTPInTransport profileReq) { - Logger.debug("Generate stork request test..."); - storkAuthnRequest = new STORKAuthnRequest(); - - BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); - samlMessageContext.setInboundMessageTransport(profileReq); - - HTTPPostDecoder postDecoder = new HTTPPostDecoder(); - postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator - - try { - Logger.debug("Attempting to decode request..."); - postDecoder.decode(samlMessageContext); - } catch (Exception e) { - Logger.error("Error decoding STORKAuthnRequest", e); - } - - - - //storkAuthnRequest = (STORKAuthnRequest)samlMessageContext.getInboundSAMLMessage(); - //samlMessageContext.getinbound - //storkAuthnRequest.set - - - - } - - - - public String getOAURL() { - return "https://sp:8889/SP"; // - } - - public boolean isPassiv() { - return false; // - } - - public boolean forceAuth() { - return false; // - } - - public boolean isSSOSupported() { - return false; // - } - - public String requestedModule() { - return this.module; // - } - - public String requestedAction() { - return action; // - } - - public void setModule(String module) { - this.module = module; - } - - public void setAction(String action) { - this.action = action; - } - - public String getTarget() { - return this.target; // - } - - public void setRequestID(String id) { - this.requestID = id; - } - - public String getRequestID() { - return this.requestID; // - } - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 318a8fc9c..502925a2a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; @@ -9,7 +8,6 @@ import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PEPSUtil; -import eu.stork.peps.auth.commons.STORKAuthnResponse; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.opensaml.common.binding.BasicSAMLMessageContext; @@ -109,8 +107,8 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { /* STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage(); - //STORKAuthnRequestDEL STORK2Request = (STORKAuthnRequestDEL)samlMessageContext.getInboundSAMLMessage(); - STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL(); + //MOASTORKAuthnRequest STORK2Request = (MOASTORKAuthnRequest)samlMessageContext.getInboundSAMLMessage(); + MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest(); STORK2Request.setSTORKAuthnRequest(ST2Req); Logger.debug("STORK2 Citizen code: " + ST2Req.getCitizenCountryCode()); @@ -118,10 +116,10 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString()); */ - STORKAuthnReq storkAuthnReq = new STORKAuthnReq(); + //STORKAuthnReq storkAuthnReq = new STORKAuthnReq(); - STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL(); + MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest(); //extract STORK Response from HTTP Request @@ -155,6 +153,8 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.error("spi " + authnRequest.getSpInstitution()); + STORK2Request.setSTORKAuthnRequest(authnRequest); + return STORK2Request; } @@ -170,6 +170,11 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { return false; } + + public void checkPersonalAttributes() { + + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index bd6f192dc..4314e666e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -47,7 +47,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ - @Override public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { requestedAttributes = new PersonalAttributeList(1); @@ -58,7 +57,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ - @Override public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException { Logger.debug("Beginning to extract SAMLResponse out of HTTP Request"); @@ -91,7 +89,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) */ - @Override public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { String spSector = "Business"; diff --git a/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html new file mode 100644 index 000000000..f655caee0 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html @@ -0,0 +1,42 @@ +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + +<body onload="document.forms[0].submit()"> + <noscript> + <p> + <strong>Note:</strong> Since your browser does not support + JavaScript, you must press the Continue button once to proceed. + </p> + </noscript> + + + <div id="alert">Your login is being processed. Thank you for + waiting.</div> + + <style type="text/css"> +<!-- +#alert { + margin: 100px 250px; + font-family: Verdana, Arial, Helvetica, sans-serif; + font-size: 14px; + font-weight: normal; +} +--> +</style> + + <form action="${action}" method="post" target="_parent"> + <div> + #if($RelayState)<input type="hidden" name="RelayState" + value="${RelayState}" />#end #if($SAMLRequest)<input type="hidden" + name="SAMLRequest" value="${SAMLRequest}" />#end #if($SAMLResponse)<input + type="hidden" name="SAMLResponse" value="${SAMLResponse}" />#end + + </div> + <noscript> + <div> + <input type="submit" value="Continue" /> + </div> + </noscript> + </form> + +</body> +</html> |