Diffstat (limited to 'id/server/idserverlib/src')
17 files changed, 733 insertions, 407 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index ce5aa15c3..6f6d9611a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -125,7 +125,7 @@ import at.gv.util.xsd.srzgw.MISType;
 import at.gv.util.xsd.srzgw.MISType.Filters;
 import eu.stork.oasisdss.api.AdditionalProfiles;
 import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.api.ApiUtilsException;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
 import eu.stork.oasisdss.api.Profiles;
 import eu.stork.oasisdss.api.QualityLevels;
 import eu.stork.oasisdss.api.SignatureTypes;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index d655dc7f2..4dec2c32e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -68,6 +68,12 @@ public class STORKConfig {
 		//List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
          List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = new ArrayList<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS>();   // TODO Change this
 +        try {
 +            cpeps = stork.getCPEPS();
 +        }   catch (NullPointerException ex) {
 +            Logger.error("CPEPS not configured!");
 +        }
 +
  		cpepsMap = new HashMap<String, CPEPS>();
  		if (cpeps != null) {
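Review bot: The new try/catch treats a NullPointerException from `stork.getCPEPS()` as "STORK not configured", which also masks any NPE thrown inside `getCPEPS()` itself and lets the server continue with an empty trusted-C-PEPS map after only an error log. Presumably the null case is `stork` itself (the commented-out line above suggests that); an explicit check is narrower and clearer: `if (stork != null) { cpeps = stork.getCPEPS(); } else { Logger.error("CPEPS not configured!"); }`. Since `cpepsMap` decides which foreign PEPS endpoints this IdP will talk to, consider whether a missing configuration should raise a ConfigurationException instead of being logged; I cannot see from the hunk whether a caller already fails closed. The enclosing method starts outside the hunk, and the `// TODO Change this` on the seeded ArrayList looks obsolete once this change is in.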
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java index 65634bed3..b6fe20a61 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java @@ -2,19 +2,19 @@   * Copyright 2014 Federal Chancellery Austria   * MOA-ID has been developed in a cooperation between BRZ, the Federal   * Chancellery Austria - ICT staff unit, and Graz University of Technology. - *  + *   * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by   * the European Commission - subsequent versions of the EUPL (the "Licence");   * You may not use this work except in compliance with the Licence.   * You may obtain a copy of the Licence at:   * http://www.osor.eu/eupl/ - *  + *   * Unless required by applicable law or agreed to in writing, software   * distributed under the Licence is distributed on an "AS IS" basis,   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   * See the Licence for the specific language governing permissions and   * limitations under the Licence. - *  + *   * This product combines work with different licenses. See the "NOTICE" text   * file for details on the various modules and licenses.   * The "NOTICE" text file is part of the distribution. Any derivative works 
@@ -46,98 +46,120 @@  package at.gv.egovernment.moa.id.iaik.config; -import java.io.File; -  import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.id.config.ConfigurationProvider;  import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; -import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.logging.Logger;  import iaik.pki.store.certstore.CertStoreConfiguration;  import iaik.pki.store.certstore.CertStoreParameters;  import iaik.pki.store.certstore.CertStoreTypes;  import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters; +import java.io.File; +  /**   * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code> + *   * @author Paul Ivancsics   * @version $Id$   */ -public class CertStoreConfigurationImpl extends ObservableImpl  -  implements CertStoreConfiguration, DirectoryCertStoreParameters { -  /** identifies the rootDirectory */ -  private String rootDirectory; -  /** ConfigurationProvider */ -  private ConfigurationProvider conf; -  /** Array for storing all CertStoreParameters */ -  private CertStoreParameters[] parameters; - -  /** -   * Create a new <code>CertStoreConfigurationImpl</code>. -   *  -   * @param conf The MOA configuration from which the configuration data is -   * @throws ConfigurationException an any config-error -   * being read. 
-   */ -  public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { -    this.conf=conf; -     -    String certStoreRootDirParam = conf.getCertstoreDirectory(); -     -    if (certStoreRootDirParam == null) -      throw new ConfigurationException( -        "config.08", new Object[] {"CertStoreDirectory"}); - -		rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir()); -		if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6); -		File f = new File(rootDirectory); -				if (!f.isDirectory()) -					throw new ConfigurationException( -						"config.05", new Object[] {"CertStoreDirectory"}); -     -    parameters = new CertStoreParameters[] { this }; -  } - -  /** -   * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters() -   */ -  public CertStoreParameters[] getParameters() { -    return parameters; -  } - -  /** -   * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory() -   */ -  public String getRootDirectory() { -    return rootDirectory; -  } - -  /** -   * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew() -   */ -  public boolean createNew() { -    return false; -  } - -  /** -   * @see iaik.pki.store.certstore.CertStoreParameters#getId() -   */ -  public String getId() { -    return "MOA ID Directory CertStore"; -  } - -  /** -   * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly() -   */ -  public boolean isReadOnly() { -    return false; -  } - -  /** -   * @return <code>CertStoreTypes.DIRECTORY</code> -   * @see iaik.pki.store.certstore.CertStoreParameters#getType() -   */ -  public String getType() { -    return CertStoreTypes.DIRECTORY; -  } +public class CertStoreConfigurationImpl extends ObservableImpl +        implements CertStoreConfiguration, DirectoryCertStoreParameters { +    /** +     * identifies the rootDirectory +     */ +    private String rootDirectory; +   
 /** +     * ConfigurationProvider +     */ +    private ConfigurationProvider conf; +    /** +     * Array for storing all CertStoreParameters +     */ +    private CertStoreParameters[] parameters; + +    /** +     * Create a new <code>CertStoreConfigurationImpl</code>. +     * +     * @param conf The MOA configuration from which the configuration data is +     * @throws ConfigurationException an any config-error +     *                                being read. +     */ +    public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { +        this.conf = conf; + +        String certStoreRootDirParam = conf.getCertstoreDirectory(); + +        if (certStoreRootDirParam == null) +            throw new ConfigurationException( +                    "config.08", new Object[]{"CertStoreDirectory"}); + +        //rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir()); +        rootDirectory = certStoreRootDirParam; +        Logger.error("Using file: " + rootDirectory); +        if (rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(5); +        Logger.error("Using file2: " + rootDirectory); + +        File f = new File(rootDirectory); +        //Logger.error("Using file: " + certStoreRootDirParam + " param: " + conf.getRootConfigFileDir()); + +        if (!f.exists()) { +            Logger.error("File does not exists: " + f.getAbsolutePath()); +            throw new ConfigurationException( +                    "config.05", new Object[]{"CertStoreDirectory"}); +        } + +        if (!f.isDirectory()) { +            Logger.error("File is not a directory: " + f.getAbsolutePath()); +            throw new ConfigurationException( +                    "config.05", new Object[]{"CertStoreDirectory"}); +        } + + +        parameters = new CertStoreParameters[]{this}; +    } + +    /** +     * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters() +     */ +    
public CertStoreParameters[] getParameters() { +        return parameters; +    } + +    /** +     * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory() +     */ +    public String getRootDirectory() { +        return rootDirectory; +    } + +    /** +     * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew() +     */ +    public boolean createNew() { +        return false; +    } + +    /** +     * @see iaik.pki.store.certstore.CertStoreParameters#getId() +     */ +    public String getId() { +        return "MOA ID Directory CertStore"; +    } + +    /** +     * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly() +     */ +    public boolean isReadOnly() { +        return false; +    } + +    /** +     * @return <code>CertStoreTypes.DIRECTORY</code> +     * @see iaik.pki.store.certstore.CertStoreParameters#getType() +     */ +    public String getType() { +        return CertStoreTypes.DIRECTORY; +    }  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index b7fa37757..288e71f58 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java 
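Review bot: Commenting out `FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir())` changes how a relative `CertStoreDirectory` is resolved: `new File(rootDirectory)` now resolves against the JVM working directory rather than the configuration directory, so the same configuration can point the IAIK cert store at a different directory depending on how the server is launched. If the goal is to accept plain paths as well as `file:` URLs, resolve relative values against the config root explicitly (assuming `getRootConfigFileDir()` is a plain directory path, as the removed call suggests): `File f = new File(rootDirectory); if (!f.isAbsolute()) f = new File(conf.getRootConfigFileDir(), rootDirectory);`. The `Logger.error("Using file: ...")` and `"Using file2: ..."` calls are diagnostics, not errors; replace them with a single `Logger.debug("Using cert store directory: " + f.getAbsolutePath());` or drop them. The `!f.exists()` branch is redundant with `!f.isDirectory()`, which is already false for a missing path, so keep it only if the two distinct log messages are wanted.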
@@ -1,11 +1,9 @@  package at.gv.egovernment.moa.id.protocols.stork2; -import java.util.ArrayList; -import java.util.List; -  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; 
@@ -13,144 +11,256 @@ import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.storage.AssertionStorage;  import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.commons.io.IOUtils; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; - -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; - -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; +import javax.servlet.http.HttpSession; +import java.io.IOException; +import java.io.StringWriter; +import java.util.ArrayList; +import java.util.List;  /**   * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins.   * The class is called whenever the {@link AuthenticationRequest} Action is invoked and checks for missing attributes.   * Furthermore, the class can handle direct posts. That is when the class triggers an attribute query which needs user   * interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes. - *  + * <p/>   * TODO how do we treat mandatory and optional attributes? - *    */  public class AttributeCollector implements IAction { -	 -	/** The Constant ARTIFACT_ID. */ -	private static final String ARTIFACT_ID = "artifactId"; -	 + +    /** +     * The Constant ARTIFACT_ID. 
+     */ +    private static final String ARTIFACT_ID = "artifactId"; +    private DataContainer container; +    private HttpServletResponse httpResp; + +      /* (non-Javadoc)       * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)       */      public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { -		// read configuration parameters of OA -		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); -		if (oaParam == null) -			throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); - -    	// find the attribute provider plugin that can handle the response -		IPersonalAttributeList newAttributes = null; -		for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) -			try { -				newAttributes = current.parse(httpReq); -			} catch (UnsupportedAttributeException e1) { -				// the current provider cannot find anything familiar within the -				// provided httpreq. Try the next one. -			} - -		if (null == newAttributes) { -			// we do not have a provider which is capable of fetching something -			// from the received httpreq. -			// TODO should we continue with the next attribute? 
-			Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); -			throw new MOAIDException("stork.11", null); -		} - -    	// - fetch the container -		String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); -		DataContainer container; -		try { -			container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); -		} catch (MOADatabaseException e) { -			Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); -			throw new MOAIDException("stork.11", null); -		} - -    	// - insert the embedded attribute(s) into the container -		for(PersonalAttribute current : newAttributes) -			container.getResponse().getPersonalAttributeList().add(current); -    	 -    	// see if we need some more attributes -    	return processRequest(container, httpReq, httpResp, moasession, oaParam); +        this.httpResp = httpResp; + +        // read configuration parameters of OA +        OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); +        if (oaParam == null) +            throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + +        // find the attribute provider plugin that can handle the response +        IPersonalAttributeList newAttributes = null; +        for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) +            try { +                newAttributes = current.parse(httpReq); +            } catch (UnsupportedAttributeException e1) { +                // the current provider cannot find anything familiar within the +                // provided httpreq. Try the next one. 
+                // TODO check the loop +            } + +        if (null == newAttributes) { +            // we do not have a provider which is capable of fetching something +            // from the received httpreq. +            // TODO should we continue with the next attribute? +            Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); +            throw new MOAIDException("stork.11", null); +        } + +        // - fetch the container +        String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); +        DataContainer container; +        try { +            container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); +        } catch (MOADatabaseException e) { +            Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); +            throw new MOAIDException("stork.11", null); +        } + + + +        // - insert the embedded attribute(s) into the container +        for (PersonalAttribute current : newAttributes) +            container.getResponse().getPersonalAttributeList().add(current); + +        // see if we need some more attributes +        return processRequest(container, httpReq, httpResp, moasession, oaParam);      } -     +      /**       * Checks if there are missing attributes and tries to fetch them. If there are no more attribute to fetch,       * this very method creates and sends the protocol result to the asking S-PEPS.       *       * @param container the {@link DataContainer} representing the status of the overall query.       
* @return the string -     * @throws MOAIDException  +     * @throws MOAIDException       */      public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { -    	// check if there are attributes we need to fetch -    	IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); -    	IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); -    	List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>(); -    	for(PersonalAttribute current : requestAttributeList) -    		if(!responseAttributeList.containsKey(current)) -    			missingAttributes.add(current); -    	 -    	try { -	    	// for each attribute still missing -	    	for(PersonalAttribute currentAttribute : missingAttributes) { -	    	// - check if we can find a suitable AttributeProvider Plugin -				for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { -					try { -						// - hand over control to the suitable plugin -						IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); - -						// - add the aquired attribute to the container -						for(PersonalAttribute current : aquiredAttributes) -							container.getResponse().getPersonalAttributeList().add(current); -					} catch(UnsupportedAttributeException e) { -						// ok, try the next attributeprovider -					} catch(MOAIDException e) { -						// the current plugin had an error. Try the next one. -						// TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop -					} -	 -	    		} -	    	} -		} catch (ExternalAttributeRequestRequiredException e) { -			// the attribute request is ongoing and requires an external service. 
-			try { -				// memorize the container again -				// - generate new key -				String newArtifactId = new SecureRandomIdentifierGenerator() -						.generateIdentifier(); - -				// - put container in temporary store. -				AssertionStorage.getInstance().put(newArtifactId, container); - -				// add container-key to redirect embedded within the return URL -				e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); -			} catch (Exception e1) { -				// TODO should we return the response as is to the PEPS? -				Logger.error("Error putting incomplete Stork response into temporary storage", e); -				throw new MOAIDException("stork.11", null); -			} - -			return "12345"; // TODO what to do here? -		} -    	// build response -    	// done -    	return "12345"; // AssertionId +        // check if there are attributes we need to fetch +        this.httpResp = response; +        this.container = container; + +        IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); +        IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); +        List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>(); +        for (PersonalAttribute current : requestAttributeList) +            if (!responseAttributeList.containsKey(current)) +                missingAttributes.add(current); + +        // Try to get all missing attributes +        try { +            // for each attribute still missing +            for (PersonalAttribute currentAttribute : missingAttributes) { +                // - check if we can find a suitable AttributeProvider Plugin +                for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { +                    try { +                        // - hand 
over control to the suitable plugin +                        IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); + +                        // - add the aquired attribute to the container +                        for (PersonalAttribute current : aquiredAttributes) +                            container.getResponse().getPersonalAttributeList().add(current); +                        //TODO: return after first AP  +                         +                    } catch (UnsupportedAttributeException e) { +                        // ok, try the next attributeprovider +                    } catch (MOAIDException e) { +                        // the current plugin had an error. Try the next one. +                        // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop +                    } + +                } +            } + +            // build response +            generateSTORKResponse(); + +            // set new http response +            generateRedirectResponse(); +            response = httpResp; + +            return "12345"; // AssertionId + +        } catch (ExternalAttributeRequestRequiredException e) { +            // the attribute request is ongoing and requires an external service. +            try { +                // memorize the container again +                // - generate new key +                String newArtifactId = new SecureRandomIdentifierGenerator() +                        .generateIdentifier(); +                // - put container in temporary store. +                AssertionStorage.getInstance().put(newArtifactId, container); + +                // add container-key to redirect embedded within the return URL +                e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" 
+ ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); + + +            } catch (Exception e1) { +                // TODO should we return the response as is to the PEPS? +                Logger.error("Error putting incomplete Stork response into temporary storage", e); +                throw new MOAIDException("stork.11", null); +            } + +            return "12345"; // TODO what to do here? +        } + + +    } + + +    private void generateSTORKResponse() throws MOAIDException { +        STORKAuthnResponse authnResponse = container.getResponse(); +        STORKAuthnRequest authnRequest = container.getRequest(); + +        try { +            //Get SAMLEngine instance +            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); +            Logger.debug("Starting generation of SAML response"); +            authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false); + +            //generateSAML Token +            Logger.info("SAML response succesfully generated!"); +        } catch (STORKSAMLEngineException e) { +            Logger.error("Failed to generate STORK SAML Response", e); +            throw new MOAIDException("stork.05", null); +        } + +        Logger.info("STORK SAML Response message succesfully generated "); +        String statusCodeValue = authnResponse.getStatusCode(); + +        try { +            Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); +            Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works +            Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + +        } catch (IOException e) { +            e.printStackTrace(); +        } + +        container.setResponse(authnResponse); + +    } + + +    private void 
generateRedirectResponse() { +        STORKAuthnResponse authnResponse = container.getResponse(); +        STORKAuthnRequest authnRequest = container.getRequest(); + + +        // preparing redirection for the client + +        try { +            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); +            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); +            VelocityContext context = new VelocityContext(); + +            context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); +            Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + +            Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL()); +            context.put("action", authnRequest.getAssertionConsumerServiceURL()); +            Logger.debug("Starting template merge"); +            StringWriter writer = new StringWriter(); + +            Logger.debug("Doing template merge"); +            template.merge(context, writer); +            Logger.debug("Template merge done"); + +            Logger.debug("Sending html content: " + writer.getBuffer().toString()); +            Logger.debug("Sending html content2  : " + new String(writer.getBuffer())); + + +            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); + +        } catch (Exception e) { +            Logger.error("Velocity error: " + e.getMessage()); +        } + +        //HttpSession httpSession = this.httpResp.getSession(); +        //httpSession.setAttribute("STORKSessionID", "12345"); +        //Logger.info("Status code again: " + authnResponse.getStatusCode()); + +        //return "12345"; // AssertionId      }      /* (non-Javadoc)       * @see 
at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)       */      public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { -    	// this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action. +        // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action.          return false;      } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 1f6ffaa9a..d4996c26a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java 
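Review bot: In `generateRedirectResponse`, `context.put("action", authnRequest.getAssertionConsumerServiceURL())` makes the ACS URL taken from the stored request the POST target for the signed response carrying the citizen's attributes, and nothing in this hunk checks that URL against the configured PEPS for `container.getRequest().getCitizenCountryCode()` or HTML-escapes it before the template merge; if that validation does not happen where the request is parsed (outside this hunk), the response goes wherever the requester asked. The debug statements `Logger.debug("authn saml string: ...")`, `"SAMLResponse original: ..."` and `"Sending html content: ..."` write the full SAML token and rendered page, i.e. personal data, into the log, and `e.printStackTrace()` bypasses the logger entirely. The trailing `catch (Exception e) { Logger.error("Velocity error: " + e.getMessage()); }` drops the cause, leaves the body unwritten, and still lets `processRequest` return `"12345"` as if the response had been delivered; it should rethrow as MOAIDException (reusing an existing message key), and the output should be written with an explicit Content-Type and UTF-8 rather than the platform charset. The `IOUtils.toString(...).getBytes()` round trip before Base64 is also platform-charset dependent; encode `authnResponse.getTokenSaml()` directly, assuming it returns `byte[]` as the `new String(authnResponse.getTokenSaml())` calls suggest.
```java
    private void generateRedirectResponse() throws MOAIDException {
        STORKAuthnResponse authnResponse = container.getResponse();
        STORKAuthnRequest authnRequest = container.getRequest();
        // TODO(review): confirm the ACS URL was validated against the configured PEPS for
        // this citizen country before it is used as the form action.
        try {
            // … unchanged: VelocityEngine and template lookup …
            VelocityContext context = new VelocityContext();
            // encode the raw token bytes; no platform-charset round trip through String
            context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(authnResponse.getTokenSaml()), "UTF-8"));
            context.put("action", authnRequest.getAssertionConsumerServiceURL());
            StringWriter writer = new StringWriter();
            template.merge(context, writer);
            // do not log the rendered page: it carries the citizen's attributes
            httpResp.setContentType("text/html;charset=UTF-8");
            httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
        } catch (Exception e) {
            Logger.error("Failed to build STORK POST binding response", e);
            throw new MOAIDException("stork.05", null);
        }
    }
```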
@@ -1,11 +1,22 @@  package at.gv.egovernment.moa.id.protocols.stork2;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.storage.AssertionStorage;  import at.gv.egovernment.moa.logging.Logger; +import edu.emory.mathcs.backport.java.util.Collections; +import eu.stork.peps.auth.commons.*; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.commons.io.IOUtils; +import org.apache.velocity.Template;  import org.apache.velocity.VelocityContext;  import org.apache.velocity.app.VelocityEngine;  import org.apache.velocity.runtime.RuntimeConstants; @@ -15,13 +26,11 @@ import javax.servlet.ServletOutputStream;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse;  import javax.servlet.http.HttpSession; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStreamWriter; -import java.io.Writer; +import java.io.*;  import java.util.HashMap;  import eu.stork.peps.auth.engine.SAMLEngine; +  /**   * @author bsuzic   *         Date: 12/3/13, Time: 2:08 PM 
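Review bot: `import edu.emory.mathcs.backport.java.util.Collections;` pulls the JSR-166 backport into this class for a type the JDK already provides; `import java.util.Collections;` does the same without depending on `backport-util-concurrent` being on the classpath. The same hunk introduces the wildcard import `eu.stork.peps.auth.commons.*`, and the second hunk replaces four explicit `java.io` imports with `java.io.*`, which hides which types the class actually uses; list them explicitly as the surrounding imports do. I cannot see from these hunks whether `Collections` is used at all in the new body.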
@@ -35,127 +44,107 @@ public class AuthenticationRequest implements IAction {      private VelocityEngine velocityEngine; +    private AuthenticationSession moaSession; +    private MOASTORKAuthnRequest moaStorkAuthnRequest;      public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + +        this.moaSession = moasession; +        this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req; +          Logger.debug("Starting AuthenticationRequest");          //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession);          Logger.debug("Http Response: " + httpResp.toString() + ", "); +        Logger.debug("Remote user: " + httpReq.getRemoteAddr());          Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget());          httpResp.reset(); -        //httpResp.addHeader("Location", "http:/www.google.com"); -        if (req instanceof STORKAuthnRequestDEL) { -          /* -            Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel()); -            StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest()); - -            HttpSession httpSession = httpReq.getSession(); -            httpSession.setAttribute("STORKSessionID", "12345"); -            httpResp.setStatus(startAuthResponse.getHttpStatusCode()); -            try { -                ServletOutputStream os = httpResp.getOutputStream(); -                String html = new String(startAuthResponse.getContent()); - - -                if (html.contains("<![CDATA[")) { -                    Logger.info("-------- content contains <![CDATA[-----------------"); -                    Logger.info("-------- 
content contains html -----------------"); -                    Logger.info("HTML : " + html); -                    int beginIndex = html.indexOf("<![CDATA["); -                    int endIndex = html.indexOf("]]>"); -                    html = html.substring(beginIndex + 9, endIndex); -                    startAuthResponse.setContent(html.getBytes()); -                } -                Logger.info("HTML : " + html); -                os.write(startAuthResponse.getContent()); -                Logger.info("Response sent to client"); -            } catch (IOException e) { -                Logger.error("ERROR MOA"); -                throw new MOAIDException("error response sending", new Object[]{}); +        STORKAuthnResponse authnResponse = new STORKAuthnResponse(); +        authnResponse.setCountry("AT"); + +        OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); +        if (oaParam == null) +            throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); + + +        // Prepare basic AT attributes +        try { +            IPersonalAttributeList moaAttrList =  moasession.getStorkAttributes(); +            Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); + + +            for (PersonalAttribute personalAttribute : moaAttrList) { +                Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); +                if (personalAttribute.getValue().size() > 0) { +                    for (String value : personalAttribute.getValue()) { +                        Logger.info("     Value found: " + value); +                    } +                }              } -            //httpSession.setAttribute("CCC", ccc); -          */ +        } catch (Exception e) { +            Logger.error("Exception, attributes: " + e.getMessage());          } + 
       // Get personal attributtes from MOA/IdentityLink +        authnResponse.setPersonalAttributeList(populateAttributes()); + +        // Prepare extended attributes +        Logger.debug("Preparing data container"); -        //httpResp.setStatus(200); -        //VPEPSInboundPostHandler -                  // create fresh container          DataContainer container = new DataContainer(); -         +          // - fill in the request we extracted above -        container.setRequest(request); +        container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest());          // - fill in the partial response created above -        container.setResponse(response); +        container.setResponse(authnResponse);          // - memorize the target url were we have to return the result -        container.setTarget(target); -         -        // see if we need to fetch further attributes -        return (new AttributeCollector()).processRequest(container); -    } +        container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); -    public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { -        return true; -    } +        container.setRemoteAddress(httpReq.getRemoteAddr()); -    /* - -    public StartAuthResponse getStartAuthResponse(STORKAuthnRequest authnRequest) { +        Logger.debug("Data container prepared"); -        StartAuthResponse authResponse = new StartAuthResponse(500, null, new HashMap<String, String>()); +        return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); -        if (authnRequest.getSPID() != null) { -            Logger.debug("SP id: " + authnRequest.getSPID()); -        } else { -            SpInstitution spInstitution = (SpInstitution)authnRequest.getExtensions().getUnknownXMLObjects(SpInstitution.DEFAULT_ELEMENT_NAME).get(0); -            Logger.debug("SP institution: " + 
spInstitution.getValue()); -        } +    } -        Logger.debug("SPEPS issuer: " + authnRequest.getIssuer().getValue()); -        Logger.debug("SPEPS Consumer URL: " + authnRequest.getAssertionConsumerServiceURL()); +    public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { +        return true; +    } +    public PersonalAttributeList populateAttributes() { -        try { +        IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList(); +        Logger.info("Found " + attrLst.size() + " personal attributes in the request." ); -            initVelocityEngine(); -            VelocityContext velocityContext = new VelocityContext(); +        // Define attribute list to be populated +        PersonalAttributeList attributeList = new PersonalAttributeList(); +        MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink()); -            velocityContext.put("action", authnRequest.getDestination()); -            if (authnRequest.getDOM() == null) { -                SAMLUtil.marshallMessage(authnRequest); +        try { +            for (PersonalAttribute personalAttribute : attrLst) { +                Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired()); +                moaAttributeProvider.populateAttribute(attributeList, personalAttribute);              } - -            String messageXML = XMLHelper.nodeToString(authnRequest.getDOM()); -            String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES); -            velocityContext.put("SAMLRequest", encodedMessage); -            ByteArrayOutputStream outStream = new ByteArrayOutputStream(); - -            Writer out = new OutputStreamWriter(outStream, "UTF-8"); -            velocityEngine.mergeTemplate("/templates/saml2-post-binding.vm", "UTF-8", 
velocityContext, out); -            out.flush(); -            authResponse.setContent(outStream.toByteArray()); - -            authResponse.addHeader("Content-Type", "text/html; charset=utf-8"); -            authResponse.addHeader("Cache-Control", "no-cache"); -            authResponse.setHttpStatusCode(200); - -        } catch (Exception e) { -            Logger.error("ERROR"); +        }  catch (Exception e) { +            Logger.error("Exception, attributes: " + e.getMessage());          } +        Logger.debug("AUTHBLOCK " + moaSession.getAuthBlock()); +        Logger.debug("TARGET " + moaSession.getTarget() + " " + moaSession.getTargetFriendlyName()); +        Logger.debug("SESSION IDENTIFIER " + moaSession.getCcc() + " " + moaSession.getDomainIdentifier()); +        Logger.debug("AUTHBLOCKTOKKEN" + moaSession.getAuthBlockTokken()); -        return authResponse; +        return attributeList;      } -    */ -      public String getDefaultActionName() {          return STORKProtocol.AUTHENTICATIONREQUEST;      } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java index 40c827ef8..44ad0000a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java @@ -22,8 +22,9 @@ public class DataContainer implements Serializable {  	/** The target. */  	private String target; -	 -	/** +    private String remoteAddress; + +    /**  	 * Gets the request.  	 *  	 * @return the request 
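Review bot: `processRequest` now copies the per-request `moasession` and the cast `req` into the instance fields `moaSession` and `moaStorkAuthnRequest`, and `populateAttributes()` reads the identity link from those fields; if the `IAction` instance is reused across requests (how the module framework instantiates actions is not visible here), two concurrent logins can overwrite each other's session and one citizen's attributes would be built from another citizen's identity link. Passing the data explicitly removes the shared state: `public PersonalAttributeList populateAttributes(AuthenticationSession moaSession, MOASTORKAuthnRequest moaStorkAuthnRequest)`, called as `authnResponse.setPersonalAttributeList(populateAttributes(moasession, (MOASTORKAuthnRequest) req));`, with the two fields deleted. The unconditional `(MOASTORKAuthnRequest) req` cast also replaces the former `instanceof` guard, so a request of another type now ends in a `ClassCastException` instead of a `MOAIDException`. The debug statements at the end of `populateAttributes` write `getAuthBlock()` and `getAuthBlockTokken()` to the log; session credentials should stay out of the log even at debug level, and the two `catch (Exception e)` blocks should hand `e` to `Logger.error` rather than only `e.getMessage()`.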
@@ -76,4 +77,13 @@ public class DataContainer implements Serializable {  	public void setTarget(String target) {  		this.target = target;  	} +     +    /* +     Sets IP address +     */ +    public void setRemoteAddress(String address) { this.remoteAddress = address; } +    public String getRemoteAddress() { +        return this.remoteAddress; +    } +      } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java index 669a9389b..9c0869d97 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -20,7 +20,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {  	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)  	 */ -	@Override  	public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession)  			throws UnsupportedAttributeException {  		PersonalAttributeList requestedAttributes = new PersonalAttributeList(1); @@ -31,7 +30,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {  	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)  	 */ -	@Override  	public IPersonalAttributeList parse(HttpServletRequest httpReq) {  		// TODO Auto-generated method stub  		return null; 
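Review bot: The comment on `setRemoteAddress` is a plain block comment (`/* Sets IP address */`) although the rest of `DataContainer` documents its accessors with Javadoc and `@param`/`@return`, the setter body is collapsed onto one line, and `getRemoteAddress` has no documentation at all. I would write `/** Sets the remote address of the client; the caller in this commit fills it from {@code httpReq.getRemoteAddr()}. @param address the remote address */`, format the setter like `setTarget` above, and give `getRemoteAddress` a matching `@return`.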
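Review bot: The `@Override` annotations are removed from every `AttributeProvider` implementation (`acquire`, `parse`, `performRedirect` in DemoNoRedirectAttributeProvider here, and in the following hunks for DemoRedirectAttributeProvider, EHvdAttributeProviderPlugin and StorkAttributeRequestProvider), which drops the compile-time check that these methods still match the interface; with the STORK provider interface still being reshaped in this series, that check is what catches an implementation that has drifted from `AttributeProvider`. If the removal is needed for a Java 5 source level, where `@Override` on interface methods is rejected, a one-line comment at one of the sites, `// no @Override on interface methods: source level 1.5`, would stop the next reader from putting them back; otherwise I would keep the annotations.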
@@ -40,7 +38,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {  	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)  	 */ -	@Override  	public void performRedirect(String url, String citizenCountyCode,  			HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) {  		// we should not get here diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java index 2f6b69075..26fc00406 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -20,7 +20,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {  	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)  	 */ -	@Override  	public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession)  			throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException {  		throw new ExternalAttributeRequestRequiredException(this); @@ -29,7 +28,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {  	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)  	 */ -	@Override  	public IPersonalAttributeList parse(HttpServletRequest httpReq) {  		PersonalAttributeList requestedAttributes = new PersonalAttributeList(1);  		requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList<String>(), "")); 
@@ -39,7 +37,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {  	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)  	 */ -	@Override  	public void performRedirect(String url, String citizenCountyCode,  			HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) {  		// we should not get here diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 8b96e0d10..758b70f2d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -55,7 +55,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {  	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute)  	 */ -	@Override  	public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession)  			throws UnsupportedAttributeException,  			ExternalAttributeRequestRequiredException, MOAIDException { 
@@ -203,7 +202,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {  	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter)  	 */ -	@Override  	public void performRedirect(String url, String citizenCountyCode,  			HttpServletRequest req, HttpServletResponse resp,  			OAAuthParameter oaParam) throws MOAIDException { @@ -213,7 +211,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {  	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)  	 */ -	@Override  	public IPersonalAttributeList parse(HttpServletRequest httpReq)  			throws UnsupportedAttributeException, MOAIDException {  		// there is no redirect required, so we throw an exception when someone asks us to parse a response diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java new file mode 100644 index 000000000..414e383fa --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java 
@@ -0,0 +1,94 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author bsuzic
+ *         Date: 2/19/14, Time: 4:42 PM
+ */
+public class MOAAttributeProvider {
+    private final IdentityLink identityLink;
+    private static final Map<String, String> storkAttributeSimpleMapping;
+    private static final Map<String, String> storkAttributeFunctionMapping;
+
+    static {
+        Map<String, String> tempSimpleMap = new HashMap<String, String>();
+        tempSimpleMap.put("givenName", "getGivenName");
+        tempSimpleMap.put("surname", "getFamilyName");
+        tempSimpleMap.put("dateOfBirth", "getDateOfBirth");
+        storkAttributeSimpleMapping = Collections.unmodifiableMap(tempSimpleMap);
+        Map<String, String> tempFunctionMap = new HashMap<String, String>();
+        tempFunctionMap.put("eIdentifier", "geteIdentifier");
+        storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap);
+    }
+
+    public MOAAttributeProvider(IdentityLink identityLink) {
+        this.identityLink = identityLink;
+        Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue());
+    }
+
+    public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) {
+        String storkAttribute = requestedAttribute.getName();
+
+        if (storkAttributeSimpleMapping.containsKey(storkAttribute)) {
+            Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]");
+            try {
+                Method method = identityLink.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute));
+                populateAttributeWithMethod(method, identityLink, attributeList, storkAttribute, requestedAttribute.isRequired());
+            } catch (NoSuchMethodException e) {
+                Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute);
+                e.printStackTrace();
+            }
+
+        } else if (storkAttributeFunctionMapping.containsKey(storkAttribute)) {
+
+            Logger.debug("Trying to get value for attribute using function mapping [" + storkAttribute + "]");
+            try {
+                Method method = this.getClass().getDeclaredMethod(storkAttributeFunctionMapping.get(storkAttribute));
+                populateAttributeWithMethod(method, this, attributeList, storkAttribute, requestedAttribute.isRequired());
+            } catch (NoSuchMethodException e) {
+                Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute);
+                e.printStackTrace();
+            }
+        } else {
+            Logger.debug("MOA method for extraction of attribute " + storkAttribute + " not defined.");
+        }
+    }
+
+    private String geteIdentifier() {
+        return "askdlaskdlaskdsds";
+    }
+
+    private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) {
+        try {
+            String attributeValue = method.invoke(object, new Class[]{}).toString();
+            PersonalAttribute newAttribute = new PersonalAttribute();
+            newAttribute.setName(storkAttribute);
+
+            newAttribute.setStatus("Available");
+            newAttribute.setIsRequired(isRequired);
+            Logger.debug("Got attribute value: " + attributeValue);
+            newAttribute.setValue(new ArrayList<String>(edu.emory.mathcs.backport.java.util.Collections.singletonList(attributeValue)));
+            attributeList.add(newAttribute);
+        } catch (InvocationTargetException e) {
+            Logger.error("Invocation target exception while getting attribute: " + storkAttribute);
+            e.printStackTrace();
+        } catch (IllegalAccessException e) {
+            Logger.error("Illegal access exception while getting attribute: " + storkAttribute);
+            e.printStackTrace();
+        }
+    }
+
+
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java
index c8a5ac84d..cee64e16e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java
@@ -8,9 +8,8 @@ import org.opensaml.common.xml.SAMLConstants;   * @author bsuzic   *         Date: 12/4/13, Time: 6:31 PM   */
-//public class STORKAuthnRequestDEL extends STORKAuthnRequestImpl implements IRequest {
-public class STORKAuthnRequestDEL implements IRequest {
+public class MOASTORKAuthnRequest implements IRequest {      private String requestID;      private String target = null;      String module = null;
@@ -26,6 +25,7 @@ public class STORKAuthnRequestDEL implements IRequest {      }      public String getOAURL() { +          return "https://sp:8889/SP";  //      }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java
deleted file mode 100644
index 54072b6a3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java
+++ /dev/null
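Review bot: `geteIdentifier()` returns the hard-coded placeholder `"askdlaskdlaskdsds"`, and `populateAttributeWithMethod` wraps whatever it returns as an attribute with status `"Available"`, so every citizen whose request asks for `eIdentifier` gets the same fixed identifier in the STORK response; the value should be derived from the `identityLink` the provider already holds, or the attribute left out of the list (not reported as `"Available"`) until that is implemented. `method.invoke(object, new Class[]{}).toString()` throws a `NullPointerException` whenever a mapped getter returns null, which is not among the caught exceptions and escapes the method; `Object raw = method.invoke(object);` followed by a null check that logs and returns before calling `toString()` handles it. The `e.printStackTrace()` calls should become `Logger.error(..., e)` so the cause lands in the application log, and `edu.emory.mathcs.backport.java.util.Collections.singletonList` can be the already imported `java.util.Collections.singletonList`.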
@@ -1,105 +0,0 @@ -package at.gv.egovernment.moa.id.protocols.stork2; - -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; -import at.gv.egovernment.moa.logging.Logger; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; -import org.opensaml.ws.transport.http.HTTPInTransport; - - -/** - * @author bsuzic - *         Date: 1/22/14, Time: 5:30 PM - */ -public class STORKAuthnReq implements IRequest { -    private String requestID; -    private String target = null; -    String module = null; -    String action = null; -    private STORKAuthnRequest storkAuthnRequest; - -    public void setSTORKAuthnRequest(STORKAuthnRequest request) { -        this.storkAuthnRequest = request; -    } - -    public STORKAuthnRequest getStorkAuthnRequest() { -        return this.storkAuthnRequest; -    } - -    public void createStorkReq(HTTPInTransport profileReq) { -        Logger.debug("Generate stork request test..."); -        storkAuthnRequest = new STORKAuthnRequest(); - -        BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); -        samlMessageContext.setInboundMessageTransport(profileReq); - -        HTTPPostDecoder postDecoder = new HTTPPostDecoder(); -        postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator - -        try { -            Logger.debug("Attempting to decode request..."); -            postDecoder.decode(samlMessageContext); -        } catch (Exception e) { -            Logger.error("Error decoding STORKAuthnRequest", e); -        } - - - -        //storkAuthnRequest = (STORKAuthnRequest)samlMessageContext.getInboundSAMLMessage(); -        //samlMessageContext.getinbound -        //storkAuthnRequest.set - - - -    } - - - -    public String getOAURL() { -        return "https://sp:8889/SP";  // -    
} - -    public boolean isPassiv() { -        return false;  // -    } - -    public boolean forceAuth() { -        return false;  // -    } - -    public boolean isSSOSupported() { -        return false;  // -    } - -    public String requestedModule() { -        return this.module;  // -    } - -    public String requestedAction() { -        return action;  // -    } - -    public void setModule(String module) { -        this.module = module; -    } - -    public void setAction(String action) { -        this.action = action; -    } - -    public String getTarget() { -        return this.target;  // -    } - -    public void setRequestID(String id) { -        this.requestID = id; -    } - -    public String getRequestID() { -        return this.requestID;  // -    } - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 318a8fc9c..502925a2a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -1,6 +1,5 @@  package at.gv.egovernment.moa.id.protocols.stork2; -import at.gv.egovernment.moa.id.auth.AuthenticationServer;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.moduls.IAction; @@ -9,7 +8,6 @@ import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;  import at.gv.egovernment.moa.logging.Logger;  import eu.stork.peps.auth.commons.PEPSUtil; -import eu.stork.peps.auth.commons.STORKAuthnResponse;  import eu.stork.peps.auth.engine.STORKSAMLEngine;  import eu.stork.peps.exceptions.STORKSAMLEngineException;  import org.opensaml.common.binding.BasicSAMLMessageContext; 
@@ -109,8 +107,8 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {          /*          STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage(); -        //STORKAuthnRequestDEL STORK2Request = (STORKAuthnRequestDEL)samlMessageContext.getInboundSAMLMessage(); -        STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL(); +        //MOASTORKAuthnRequest STORK2Request = (MOASTORKAuthnRequest)samlMessageContext.getInboundSAMLMessage(); +        MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest();          STORK2Request.setSTORKAuthnRequest(ST2Req);          Logger.debug("STORK2 Citizen code: " + ST2Req.getCitizenCountryCode()); @@ -118,10 +116,10 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {          Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString());          */ -        STORKAuthnReq storkAuthnReq = new STORKAuthnReq(); +        //STORKAuthnReq storkAuthnReq = new STORKAuthnReq(); -        STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL(); +        MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest();          //extract STORK Response from HTTP Request @@ -155,6 +153,8 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {          Logger.error("spi " + authnRequest.getSpInstitution()); +        STORK2Request.setSTORKAuthnRequest(authnRequest); +          return STORK2Request;      } @@ -170,6 +170,11 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {      public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {          return false;      } + +    public void checkPersonalAttributes() { + + +    }  } 
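Review bot: `checkPersonalAttributes()` in the last hunk is an empty public method with neither a body nor a comment, and the `@@ -118` hunk keeps `//STORKAuthnReq storkAuthnReq = new STORKAuthnReq();` as commented-out code although `STORKAuthnReq` is deleted in this same commit. I would drop the commented line, and either remove the stub or give it a `// TODO` comment stating what it is meant to check so that it is not mistaken for a finished validation step.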
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java new file mode 100644 index 000000000..e7cd87e85 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java 
@@ -0,0 +1,129 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
+import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
+/**
+ * Forwards a signedDoc attribute request to the oasis-dss service instance
+ */
+public class SignedDocAttributeRequestProvider implements AttributeProvider {
+
+	private PersonalAttribute requestedAttribute;
+
+	/**
+	 * The URL of the service listening for the oasis dss webform post request
+	 */
+	private String oasisDssWebFormURL;
+
+	/**
+	 * Instantiates a new signed doc attribute request provider.
+	 * 
+	 * @param oasisDssWebFormURL
+	 *            the AP location
+	 */
+	public SignedDocAttributeRequestProvider(String oasisDssWebFormURL) {
+		this.oasisDssWebFormURL = oasisDssWebFormURL;
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java
+	 * .lang.String)
+	 */
+	public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException,
+			ExternalAttributeRequestRequiredException {
+		requestedAttribute = attribute;
+
+		throw new ExternalAttributeRequestRequiredException(this);
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax
+	 * .servlet.http.HttpServletRequest)
+	 */
+	public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException {
+		Logger.debug("Beginning to extract OASIS-DSS response out of HTTP Request");
+
+
+		STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+		try {
+			String signResponse = new String(Base64.decodeBase64(httpReq.getParameter("signresponse")), "UTF8");
+			List<String> values = new ArrayList<String>();
+			values.add(signResponse);
+
+			Logger.debug("Assembling signedDoc attribute");
+			PersonalAttribute signedDocAttribute = new PersonalAttribute(requestedAttribute.getName(), requestedAttribute.isRequired(), values,
+					"Available");
+
+			// pack and return the result
+			PersonalAttributeList result = new PersonalAttributeList();
+			result.add(signedDocAttribute);
+			return result;
+		} catch (UnsupportedEncodingException e) {
+			Logger.error("Failed to assemble signedDoc attribute");
+			throw new MOAIDException("stork.05", null);
+		}
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect
+	 * (java.lang.String)
+	 */
+	public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam)
+			throws MOAIDException {
+
+		try {
+			Logger.trace("Initialize VelocityEngine...");
+
+			VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+			Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm");
+			VelocityContext context = new VelocityContext();
+			context.put("signrequest", Base64.encodeBase64String(requestedAttribute.getValue().get(0).getBytes("UTF8")));
+			context.put("action", oasisDssWebFormURL);
+
+			StringWriter writer = new StringWriter();
+			template.merge(context, writer);
+
+			resp.getOutputStream().write(writer.toString().getBytes());
+		} catch (Exception e) {
+			Logger.error("Error sending STORK SAML AttrRequest.", e);
+			throw new MOAIDException("stork.11", null);
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
index bd6f192dc..4314e666e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
@@ -47,7 +47,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
 	 */
-	@Override
 	public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession)
 			throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException {
 		requestedAttributes = new PersonalAttributeList(1);
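Review bot: `parse()` passes `httpReq.getParameter("signresponse")` straight into `Base64.decodeBase64` without checking that the parameter is present; for a request without it the decode yields null (in the commons-codec versions I know) and `new String((byte[]) null, "UTF8")` throws a `NullPointerException`, which is not the `UnsupportedEncodingException` the catch handles, so the caller gets an unchecked exception instead of the `MOAIDException("stork.05")` the method intends. A guard before the decode, `String encoded = httpReq.getParameter("signresponse"); if (encoded == null || encoded.isEmpty()) { throw new MOAIDException("stork.05", null); }`, keeps the failure on the intended path. The decoded POST body is then stored as the signedDoc value with status `"Available"` without any check that it is a DSS response belonging to the request sent in `performRedirect`; if that validation happens downstream of the `AttributeCollector`, a comment here saying so would help, otherwise it is missing. The local `STORKSAMLEngine engine` in `parse()` is never used, and `performRedirect` writes `writer.toString().getBytes()` with the platform default charset and sets no content type on `resp`, so `getBytes("UTF8")` plus `resp.setContentType("text/html; charset=UTF-8")` would make the output deterministic.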
@@ -58,7 +57,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
 	 */
-	@Override
 	public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException {
 		Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
@@ -91,7 +89,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String)
 	 */
-	@Override
 	public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException {
     	String spSector = "Business";
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm b/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm
new file mode 100644
index 000000000..7fcc1bb36
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm
@@ -0,0 +1,36 @@
+##
+## Velocity Template for OASIS WEBFORM BINDING
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## signresponse - String - the Base64 encoded SAML Request
+## verifyresponse - String - the Base64 encoded SAML Response
+## clienturl - String - URL where the USer gets redirected after the signature process
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+    <body onload="document.forms[0].submit()">
+        <noscript>
+            <p>
+                <strong>Note:</strong> Since your browser does not support JavaScript,
+                you must press the Continue button once to proceed.
+            </p>
+        </noscript>
+        
+        <form action="${action}" method="post">
+            <div>
+                #if($signrequest)<input type="hidden" name="signrequest" value="${signrequest}"/>#end
+                
+                #if($verifyrequest)<input type="hidden" name="verifyrequest" value="${verifyrequest}"/>#end
+                #if($clienturl)<input type="hidden" name="clienturl" value="${clienturl}"/>#end
+                
+            </div>
+            <noscript>
+                <div>
+                    <input type="submit" value="Continue"/>
+                </div>
+            </noscript>
+        </form>
+        
+    </body>
+</html>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html
new file mode 100644
index 000000000..f655caee0
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html
@@ -0,0 +1,42 @@
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+<body onload="document.forms[0].submit()">
+	<noscript>
+		<p>
+			<strong>Note:</strong> Since your browser does not support
+			JavaScript, you must press the Continue button once to proceed.
+		</p>
+	</noscript>
+
+
+	<div id="alert">Your login is being processed. Thank you for
+		waiting.</div>
+
+	<style type="text/css">
+<!--
+#alert {
+	margin: 100px 250px;
+	font-family: Verdana, Arial, Helvetica, sans-serif;
+	font-size: 14px;
+	font-weight: normal;
+}
+-->
+</style>
+
+	<form action="${action}" method="post" target="_parent">
+		<div>
+			#if($RelayState)<input type="hidden" name="RelayState"
+				value="${RelayState}" />#end #if($SAMLRequest)<input type="hidden"
+				name="SAMLRequest" value="${SAMLRequest}" />#end #if($SAMLResponse)<input
+				type="hidden" name="SAMLResponse" value="${SAMLResponse}" />#end
+
+		</div>
+		<noscript>
+			<div>
+				<input type="submit" value="Continue" />
+			</div>
+		</noscript>
+	</form>
+
+</body>
+</html>
|
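Review bot: The header comment documents `signresponse` and `verifyresponse`, but the form fields the template actually emits are `signrequest`, `verifyrequest` and `clienturl`, so two of the documented names are never read; the lines should become `## signrequest - String - the Base64 encoded sign request` and `## verifyrequest - String - the Base64 encoded verify request`. All four context values are written into attribute values with no escaping, which is only safe while every caller passes data that cannot contain a quote or angle bracket, as performRedirect in SignedDocAttributeRequestProvider does by Base64-encoding signrequest; the header should state that contract, e.g. `## NOTE: values are inserted unescaped; callers must pass Base64 (or a trusted URL for action/clienturl)`. The same unescaped interpolation of RelayState, SAMLRequest and SAMLResponse appears in stork2_postbinding_template.html in the next hunk and would benefit from the same note or an escaping tool.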
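Review bot: The three `#if … #end` guards inside the form are run together across wrapped lines (`value="${RelayState}" />#end #if($SAMLRequest)<input type="hidden"`), so each input element is split over two lines and the reader has to trace which `#end` closes which guard. Writing one guard per line, `#if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}" />#end` and likewise for SAMLRequest and SAMLResponse, matches the layout of the sibling template oasis_dss_webform_binding.vm and makes the emitted fields obvious. A short header comment listing the expected context properties (action, RelayState, SAMLRequest, SAMLResponse), as the sibling template has, would also help callers.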
