Diffstat (limited to 'id/server/idserverlib/src')
12 files changed, 678 insertions, 9 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index bebae89db..ce5aa15c3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1875,7 +1875,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 		CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
-		Logger.debug("Preparing to assemble STORK AuthnRequest witt the following values:");
+		Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:");
     	String destination = cpeps.getPepsURL().toExternalForm();
     	Logger.debug("C-PEPS URL: " + destination);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
index d6d22fe4a..479775dd5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
@@ -110,9 +110,11 @@ public class SignatureVerificationInvoker {
       authConnParam = authConfigProvider.getMoaSpConnectionParameter();
       //If the ConnectionParameter do NOT exist, we try to get the api to work....
       if (authConnParam != null) {
+        Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix());
         endPoint = authConnParam.getUrl();
         call.setTargetEndpointAddress(endPoint);
         responses = (Vector) call.invoke(serviceName, params);
+        Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used
         response = (SOAPBodyElement) responses.get(0);
         return response.getAsDOM();
       }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index b356c6f35..41be2c7e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -331,6 +331,7 @@ public class PEPSConnectorServlet extends AuthServlet {
 			//TODO: found better solution, but QAA Level in response could be not supported yet
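Review bot: The new `Logger.debug("Got responses: " + responses.size())` line, like the `responses.get(0)` cast after it, dereferences the Axis result without checking it, so a null or empty `Vector` (the HTTP 302 case the new TODO itself names) surfaces as a `NullPointerException` or `ArrayIndexOutOfBoundsException` far from its cause. Add a guard between the `invoke` and the cast, `if (responses == null || responses.isEmpty()) { Logger.error("No SOAP body element returned from " + endPoint); throw ...; }`, using whatever exception type the method signature already declares, so a misconfigured MOA-SP URL produces a diagnosable error. The first added line prints the endpoint URL and service name, which is acceptable at DEBUG but should stay at that level. The enclosing method begins and ends outside the hunk.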
  			try {
 +
  				moasession.setQAALevel(authnResponse.getAssertions().get(0).
  						getAuthnStatements().get(0).getAuthnContext().
  						getAuthnContextClassRef().getAuthnContextClassRef());
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 0d39a4bc5..7e248243b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -123,11 +123,12 @@ public class VerifyXMLSignatureResponseValidator {
 				checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null);
 			if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5) 
 				checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null);
-    
-      if (whatToCheck.equals(CHECK_IDENTITY_LINK)) 
-        throw new ValidateException("validator.07", new Object[] { checkFailedReason } );
-      else
-        throw new ValidateException("validator.19", new Object[] { checkFailedReason } );
+
+    // TEST CARDS
+    //  if (whatToCheck.equals(CHECK_IDENTITY_LINK))
+    //    throw new ValidateException("validator.07", new Object[] { checkFailedReason } );
+    //  else
+    //    throw new ValidateException("validator.19", new Object[] { checkFailedReason } );
     }
     if (ignoreManifestValidationResult) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index ff481b825..f79fd6e17 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -59,8 +59,14 @@ public class STORKConfig {
 		this.props = props;
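Review bot: Commenting out the two `throw new ValidateException(...)` statements removes the failure path of the certificate check: when `getCertificateCheckCode()` reports a failing code, `checkFailedReason` is now computed and discarded and validation continues as if the certificate had been accepted. The `// TEST CARDS` marker suggests a local testing convenience, but as committed it applies to every identity link and auth block this validator sees, so the "validator.07"/"validator.19" errors can no longer occur. Restore the two throws; if test cards need to be accepted in some deployments, gate that behind an explicit configuration switch that defaults to strict checking and log a WARN each time it is exercised. The enclosing method begins and ends outside the hunk.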
  		//create CPEPS map
 -		List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
 -		
 +		List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = null;
 +
 +        try {
 +            cpeps = stork.getCPEPS();
 +        }   catch (NullPointerException ex) {
 +            Logger.error("CPEPS not configured!");
 +        }
 +
  		cpepsMap = new HashMap<String, CPEPS>();
  		if (cpeps != null) {
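Review bot: Catching `NullPointerException` around `cpeps = stork.getCPEPS()` to detect a missing CPEPS section turns a configuration precondition into exception control flow and also masks any NPE raised inside `getCPEPS()` itself; the second hunk of this file wraps `stork.getAttributes()` in the same way. If the reference that can be null is `stork` (not visible here, confirm), test it explicitly: `List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = (stork != null) ? stork.getCPEPS() : null;` followed by `if (cpeps == null) Logger.error("CPEPS not configured!");`, and `if (stork != null && stork.getAttributes() != null)` for the attribute loop, which also removes the mis-indented try wrapper added there. The enclosing method starts outside the hunk.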
 @@ -79,11 +85,17 @@ public class STORKConfig {  		}
  		attr = new ArrayList<StorkAttribute>();
 -		if (stork.getAttributes() != null) {
 +
 +        try {
 +        if (stork.getAttributes() != null) {
  			for(StorkAttribute current : stork.getAttributes()) {
  				attr.add(current);
  			}
  		}
 +        } catch (NullPointerException ex) {
 +            Logger.error("Attributes not configured!");
 +
 +        }
  	}
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index c9fc07b70..3af8bcfe5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -510,6 +510,8 @@ public class DispatcherServlet extends AuthServlet{
 	    	ConfigurationDBUtils.closeSession();
 	    }
+        Logger.info("Clossing Dispatcher processing loop");
+        Logger.info("Http response prepared sent: " + resp.toString());
 	}
 	@Override
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
index 91f98608c..4a1da76e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
@@ -33,6 +33,7 @@ public class ModulStorage {
 	private static final String[] modulClasses = new String[]{
 		"at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol",
 		"at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol",
+        "at.gv.egovernment.moa.id.protocols.stork2.STORKProtocol",
 		"at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol"
 	};
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
new file mode 100644
index 000000000..446d942ab
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
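Review bot: The two new INFO lines at the end of the dispatcher method run on every request, and `resp.toString()` on a servlet response object typically yields only the container's object identity, so the second line adds log volume without diagnostic value; `Clossing` is also misspelled. Drop the second line or move both to DEBUG with the typo fixed: `Logger.debug("Closing Dispatcher processing loop");`. The enclosing method starts outside the hunk.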
@@ -0,0 +1,266 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.logging.Logger; +import edu.emory.mathcs.backport.java.util.Collections; +import eu.stork.peps.auth.commons.*; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.commons.io.IOUtils; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.io.*; +import java.util.ArrayList; + + +/** + * @author bsuzic + *         Date: 12/3/13, Time: 2:08 PM + */ + +public class AuthenticationRequest implements IAction { +    /* +    Second request step - after authentication of the user is done and moasession obtained, +    process request and forward the user further to PEPS and/or other entities +     */ + + +    private VelocityEngine velocityEngine; +    private AuthenticationSession moaSession; +    private MOASTORKAuthnRequest moaStorkAuthnRequest; + + +    public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + +        this.moaSession = moasession; +        this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req; + +        Logger.debug("Starting AuthenticationRequest"); +        //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); +        Logger.debug("Http Response: " + httpResp.toString() + ", 
"); +        Logger.debug("Remote user: " + httpReq.getRemoteAddr()); +        Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget()); +        httpResp.reset(); +        //httpResp.addHeader("Location", "http:/www.google.com"); +        if (req instanceof MOASTORKAuthnRequest) { +          /* +            Logger.debug("STORK QAA 2 :" + ((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getQAALevel()); +            StartAuthResponse startAuthResponse = getStartAuthResponse(((MOASTORKAuthnRequest) req).getStorkAuthnRequest()); + +            HttpSession httpSession = httpReq.getSession(); +            httpSession.setAttribute("STORKSessionID", "12345"); +            httpResp.setStatus(startAuthResponse.getHttpStatusCode()); +            try { +                ServletOutputStream os = httpResp.getOutputStream(); +                String html = new String(startAuthResponse.getContent()); + + +                if (html.contains("<![CDATA[")) { +                    Logger.info("-------- content contains <![CDATA[-----------------"); +                    Logger.info("-------- content contains html -----------------"); +                    Logger.info("HTML : " + html); +                    int beginIndex = html.indexOf("<![CDATA["); +                    int endIndex = html.indexOf("]]>"); +                    html = html.substring(beginIndex + 9, endIndex); +                    startAuthResponse.setContent(html.getBytes()); +                } +                Logger.info("HTML : " + html); + +                os.write(startAuthResponse.getContent()); +                Logger.info("Response sent to client"); +            } catch (IOException e) { +                Logger.error("ERROR MOA"); +                throw new MOAIDException("error response sending", new Object[]{}); +            } + 
           //httpSession.setAttribute("CCC", ccc); + +          */ +        } + + +        //httpResp.setStatus(200); +        //VPEPSInboundPostHandler + + +        STORKAuthnResponse authnResponse = new STORKAuthnResponse(); +        authnResponse.setCountry("AT"); + + + + + +        try { +            IPersonalAttributeList moaAttrList =  moasession.getStorkAttributes(); +            Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); + + +            for (PersonalAttribute personalAttribute : moaAttrList) { +            Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); +            if (personalAttribute.getValue().size() > 0) { +                for (String value : personalAttribute.getValue()) { +                    Logger.info("     Value found: " + value); +                } +            } +        } + +        } catch (Exception e) { +            Logger.error("Exception, attributes: " + e.getMessage()); +        } + +        authnResponse.setPersonalAttributeList(populateAttributes()); + +        try { +            //Get SAMLEngine instance +            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); +            Logger.debug("Starting generation of SAML response"); +            authnResponse = engine.generateSTORKAuthnResponse(((MOASTORKAuthnRequest)req).getStorkAuthnRequest(),authnResponse,httpReq.getRemoteAddr(),false); +            //generateSAML Token +            Logger.info("SAML response succesfully generated!"); +        }catch(STORKSAMLEngineException e){ +            Logger.error("Failed to generate STORK SAML Response", e); +            throw new MOAIDException("stork.05", null); +        } + +        Logger.info("STORK SAML Response message succesfully generated "); +        Logger.debug("STORK response: "); + +        Logger.debug("authn response string: " + authnResponse.toString()); + +        String statusCodeValue = 
authnResponse.getStatusCode(); +        Logger.debug("authn status code value: " + statusCodeValue); + +        try { +            Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); +            Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // radi +            Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + +        } catch (IOException e) { +            e.printStackTrace(); +        } + +        try { +            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); +            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); +            VelocityContext context = new VelocityContext(); +            //Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.decode(context.get("SAMLResponse").toString())); + +            //context.put("SAMLResponse", IOUtils.toString(authnResponse.getTokenSaml())); + +            context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); +            Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); +            //Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.encode(context.get("SAMLResponse").toString().getBytes())); + +            Logger.debug("Putting assertion consumer url as action: " + ((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); +            context.put("action", ((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); +            Logger.debug("Starting template merge"); +            StringWriter writer = new StringWriter(); +            //PrintWriter 
pwriter = new StringWriter(); + +            Logger.debug("Doing template merge"); +            template.merge(context, writer); +            Logger.debug("Template merge done"); + +            Logger.debug("Sending html content: " + writer.getBuffer().toString()); +            Logger.debug("Sending html content2  : " + new String(writer.getBuffer())); + + + +            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); + +        } catch (Exception e) { +            Logger.error("Velocity error: " + e.getMessage()); +        } + +        HttpSession httpSession = httpReq.getSession(); +        httpSession.setAttribute("STORKSessionID", "12345"); +        Logger.info("Status code again: " + authnResponse.getStatusCode()); + + + + +        return "12345"; // AssertionId +    } + +    public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { +        return true; +    } + + +    public PersonalAttributeList populateAttributes() { + +        IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList(); +        Logger.info("Found " + attrLst.size() + " personal attributes in the request." 
); + +        // Define attribute list to be populated +        PersonalAttributeList attributeList = new PersonalAttributeList(); +        MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink()); + +        try { +            for (PersonalAttribute personalAttribute : attrLst) { +                Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired()); + +                moaAttributeProvider.populateAttribute(attributeList, personalAttribute); + +     //           if ("givenName".equals(personalAttribute.getName())) { +     //               Logger.debug("Providing new attribute: " + personalAttribute.getName()); +     //               PersonalAttribute newAttribute = new PersonalAttribute(); +     //               newAttribute.setName("givenName"); +     //               newAttribute.setValue(new ArrayList<String>(Collections.singletonList(moaSession.getIdentityLink().getGivenName()))); +     //               attributeList.add(newAttribute); +    //            } + +            } +        }  catch (Exception e) { +            Logger.error("Exception, attributes: " + e.getMessage()); +        } + + +        Logger.debug("AUTHBLOCK " + moaSession.getAuthBlock()); +        Logger.debug("TARGET " + moaSession.getTarget() + " " + moaSession.getTargetFriendlyName()); + + +        Logger.debug("SESSION IDENTIFIER " + moaSession.getCcc() + " " + moaSession.getDomainIdentifier()); + + +        Logger.debug("AUTHBLOCKTOKKEN" + moaSession.getAuthBlockTokken()); + +        // moaAttributeProvider.populateAttribute(attributeList, personalAttribute.getName()); + +    //    moaAttributeProvider.populateAttribute(attributeList, "givenName"); + +    //    moaAttributeProvider.populateAttribute(attributeList, "surname"); + +    //    moaAttributeProvider.populateAttribute(attributeList, "xxname"); + +    //    moaAttributeProvider.populateAttribute(attributeList, 
"dateOfBirth"); + +        return attributeList; +    } + +    public String getDefaultActionName() { +        return STORKProtocol.AUTHENTICATIONREQUEST; +    } + + +    private void initVelocityEngine() throws Exception { +        velocityEngine = new VelocityEngine(); +        velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); +        velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); +        velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); +        velocityEngine.setProperty("classpath.resource.loader.class", +                "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + +        velocityEngine.init(); +    } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java new file mode 100644 index 000000000..cde902e4d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java 
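Review bot: In `processRequest` the `AssertionConsumerServiceURL` taken from the inbound STORK request is put into the Velocity context as `action` and so becomes the POST target of the signed SAML response without any check that it belongs to the service provider named in the request; unless `validateSTORKAuthnRequest` in `STORKProtocol` enforces that binding (not visible here), the response is delivered to whatever URL the requester supplied, so validate it against the SP's configured endpoint before rendering. A single `AuthenticationRequest` instance is registered in `STORKProtocol`'s static `actions` map, yet `moaSession` and `moaStorkAuthnRequest` are instance fields written at the top of `processRequest` and read by `populateAttributes`, so two concurrent requests can interleave and one user's attributes may be built from another user's session; pass them as parameters instead of storing them in fields. Rendering failures are swallowed by `catch (Exception e) { Logger.error("Velocity error: " + e.getMessage()); }` and the method then returns normally with the placeholder `"12345"` as both session id and assertion id; change the catch to `Logger.error("Velocity error", e); throw new MOAIDException("stork.05", null);` (or a dedicated message key). The DEBUG lines also print the identity-link name, the session target and the complete SAML token, which is personal data in production logs; trim these, and remove the never-called `initVelocityEngine` before the module ships.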
@@ -0,0 +1,93 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; + +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +/** + * @author bsuzic + *         Date: 2/19/14, Time: 4:42 PM + */ +public class MOAAttributeProvider { +    private final IdentityLink identityLink; +    private static final Map<String, String> storkAttributeSimpleMapping; +    private static final Map<String, String> storkAttributeFunctionMapping; + +    static { +        Map<String, String> tempSimpleMap = new HashMap<String, String>(); +        tempSimpleMap.put("givenName", "getGivenName"); +        tempSimpleMap.put("surname", "getFamilyName"); +        tempSimpleMap.put("dateOfBirth", "getDateOfBirth"); +        storkAttributeSimpleMapping = Collections.unmodifiableMap(tempSimpleMap); +        Map<String, String> tempFunctionMap = new HashMap<String, String>(); +        tempFunctionMap.put("eIdentifier", "geteIdentifier"); +        storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap); +    } + +    public MOAAttributeProvider(IdentityLink identityLink) { +        this.identityLink = identityLink; +        Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue()); +    } + +    public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) { +        String storkAttribute = requestedAttribute.getName(); + +        if (storkAttributeSimpleMapping.containsKey(storkAttribute)) { +            Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]"); +            try { +       
         Method method = identityLink.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute)); +                populateAttributeWithMethod(method, identityLink, attributeList, storkAttribute, requestedAttribute.isRequired()); +            } catch (NoSuchMethodException e) { +                Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute); +                e.printStackTrace(); +            } + +        } else if (storkAttributeFunctionMapping.containsKey(storkAttribute)) { + +            Logger.debug("Trying to get value for attribute using function mapping [" + storkAttribute + "]"); +            try { +                Method method = this.getClass().getDeclaredMethod(storkAttributeFunctionMapping.get(storkAttribute)); +                populateAttributeWithMethod(method, this, attributeList, storkAttribute, requestedAttribute.isRequired()); +            } catch (NoSuchMethodException e) { +                Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute); +                e.printStackTrace(); +            } +        } else { +            Logger.debug("MOA method for extraction of attribute " + storkAttribute + " not defined."); +        } +    } + +    private String geteIdentifier() { +        return "askdlaskdlaskdsds"; +    } + +    private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) { +        try { +            String attributeValue = method.invoke(object, new Class[]{}).toString(); +            PersonalAttribute newAttribute = new PersonalAttribute(); +            newAttribute.setName(storkAttribute); +            newAttribute.setStatus("Available"); +            newAttribute.setIsRequired(isRequired); +            Logger.debug("Got attribute value: " + attributeValue); +            newAttribute.setValue(new 
ArrayList<String>(edu.emory.mathcs.backport.java.util.Collections.singletonList(attributeValue))); +            attributeList.add(newAttribute); +        } catch (InvocationTargetException e) { +            Logger.error("Invocation target exception while getting attribute: " + storkAttribute); +            e.printStackTrace(); +        } catch (IllegalAccessException e) { +            Logger.error("Illegal access exception while getting attribute: " + storkAttribute); +            e.printStackTrace(); +        } +    } + + +} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java new file mode 100644 index 000000000..cee64e16e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java 
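Review bot: `geteIdentifier()` returns the constant `"askdlaskdlaskdsds"`, and because the function mapping routes the STORK `eIdentifier` attribute to it, every authenticated citizen would be reported to the relying party with the same identifier; derive it from the identity link data or leave the attribute out until that is implemented. In `populateAttributeWithMethod`, `method.invoke(object, new Class[]{}).toString()` throws an uncaught `NullPointerException` when the getter returns null (an identity link without a date of birth, for instance), which the `InvocationTargetException` and `IllegalAccessException` handlers do not cover; check first: `Object value = method.invoke(object); if (value == null) { Logger.debug("No value for attribute " + storkAttribute); return; }`. The `edu.emory.mathcs.backport.java.util.Collections` reference is unnecessary since `java.util.Collections` is already imported, and the `e.printStackTrace()` calls should go through `Logger` with the exception as argument.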
@@ -0,0 +1,71 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.moduls.IRequest; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import org.opensaml.common.xml.SAMLConstants; + +/** + * @author bsuzic + *         Date: 12/4/13, Time: 6:31 PM + */ + +public class MOASTORKAuthnRequest implements IRequest { +    private String requestID; +    private String target = null; +    String module = null; +    String action = null; +    private STORKAuthnRequest storkAuthnRequest; + +    public void setSTORKAuthnRequest(STORKAuthnRequest request) { +        this.storkAuthnRequest = request; +    } + +    public STORKAuthnRequest getStorkAuthnRequest() { +        return this.storkAuthnRequest; +    } + +    public String getOAURL() { + +        return "https://sp:8889/SP";  // +    } + +    public boolean isPassiv() { +        return false;  // +    } + +    public boolean forceAuth() { +        return false;  // +    } + +    public boolean isSSOSupported() { +        return false;  // +    } + +    public String requestedModule() { +        return this.module;  // +    } + +    public String requestedAction() { +        return action;  // +    } + +    public void setModule(String module) { +        this.module = module; +    } + +    public void setAction(String action) { +        this.action = action; +    } + +    public String getTarget() { +        return this.target;  // +    } + +    public void setRequestID(String id) { +        this.requestID = id; +    } + +    public String getRequestID() { +        return this.requestID;  // +    } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java new file mode 100644 index 000000000..3d7852c4b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java 
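Review bot: `getOAURL()` returns the constant `"https://sp:8889/SP"`, so every STORK request is attributed to the same online application regardless of the issuer of the inbound AuthnRequest; the OA URL is presumably the key the dispatcher uses to look up the relying party's configuration (confirm against `DispatcherServlet`), in which case this must be derived from the request's issuer or SPID and checked against configuration before the module is registered in `ModulStorage`. `isPassiv`, `forceAuth`, `isSSOSupported` and `getTarget` likewise return fixed values followed by empty `//` comments; either implement them from the request or document them as placeholders, e.g. `// TODO: derive from the STORK AuthnRequest; fixed value for development only`. `module` and `action` should be `private` like the other fields.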
@@ -0,0 +1,178 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; +import org.opensaml.ws.transport.http.HTTPInTransport; +import org.opensaml.ws.transport.http.HTTPOutTransport; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import eu.stork.peps.auth.commons.STORKAuthnRequest; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Collections; +import java.util.HashMap; + +/** + * Stork 2 Protocol Support + * Date: 11/29/13, Time: 12:32 PM + * @author bsuzic + */ +public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { + +    public static final String NAME = STORKProtocol.class.getName(); +    public static final String PATH = "id_stork2"; + +    public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; + +    private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + +    static { + +        actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); + +        instance = new STORKProtocol(); +    } + +    private static STORKProtocol instance = null; + + +    public String getName() { +        return NAME; +    } + +    public String getPath() { +        return PATH; +    } + +    public 
IAction getAction(String action) { +        return actions.get(action); +    } + +    public STORKProtocol() { +        super();    // +    } + +    /* +        First request step - send it to BKU selection for user authentication. After the user credentials +        and other info are obtained, in the second step the request will be processed and the user redirected +         */ +    public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { +        Logger.debug("Starting preprocessing"); +        Logger.debug("Got request: " + request.toString()); +        Logger.debug("Request method: " + request.getMethod()); +        for (Object o : Collections.list(request.getHeaderNames())) { +            Logger.debug("Request header: " + o.toString() + ":::" + request.getHeader(o.toString())); +        } +        for (Object o : Collections.list(request.getParameterNames())) { +            Logger.debug("Request parameter: " + o.toString() + "::::" + request.getParameter(o.toString())); +        } + +        Logger.debug("Request content length: " + request.getContentLength()); +        Logger.debug("Request query: " + request.getQueryString()); +        Logger.debug("Response: " + response.toString()); +        Logger.debug("Action: " + action); + +        Logger.debug("Processing saml request"); +        String SAMLRequest = request.getParameter("SAMLRequest"); + +        HTTPInTransport profileReq = new HttpServletRequestAdapter(request); +        HTTPOutTransport profileResp = new HttpServletResponseAdapter(response, request.isSecure()); + + +        BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); +        samlMessageContext.setInboundMessageTransport(profileReq); + +        HTTPPostDecoder postDecoder = new HTTPPostDecoder(); +        postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator + +        try { +            
Logger.debug("Attempting to decode request..."); +            postDecoder.decode(samlMessageContext); +        } catch (Exception e) { +            Logger.error("Error decoding STORKAuthnRequest", e); +        } +        /* + +        STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage(); +        //MOASTORKAuthnRequest STORK2Request = (MOASTORKAuthnRequest)samlMessageContext.getInboundSAMLMessage(); +        MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest(); +        STORK2Request.setSTORKAuthnRequest(ST2Req); + +        Logger.debug("STORK2 Citizen code: " + ST2Req.getCitizenCountryCode()); +        Logger.debug("STORK2 QAA: " + ST2Req.getQAALevel()); +        Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString()); + +        */ +        //STORKAuthnReq storkAuthnReq = new STORKAuthnReq(); + + +        MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest(); + + +        //extract STORK Response from HTTP Request +        //Decodes SAML Response + + +        byte[] decSamlToken; +        try { +            decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest")); +        } catch(NullPointerException e) { +            Logger.error("Unable to retrieve STORK Response", e); +            throw new MOAIDException("stork.04", null); +        } + +        //Get SAMLEngine instance +        STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); + +        STORKAuthnRequest authnRequest = null; +        Logger.error("decsamltoken" +decSamlToken.toString()); + +        try { +        authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); +        } catch (STORKSAMLEngineException ex) { +            Logger.error("Unable to validate storkrkauthnreqeust" + ex.getMessage() ); +        } + +        Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL()); +        Logger.error("cc " + authnRequest.getCitizenCountryCode()); +        Logger.error("iss " + 
authnRequest.getIssuer()); +        Logger.error("spid " + authnRequest.getSPID()); +        Logger.error("spi " + authnRequest.getSpInstitution()); + + +        STORK2Request.setSTORKAuthnRequest(authnRequest); + + +        return STORK2Request; +    } + +    public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) { +        return null; +    } + +    public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable { +        return false; +    } + +    public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { +        return false; +    } + +    public void checkPersonalAttributes() { + + +    } +} + + diff --git a/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html new file mode 100644 index 000000000..f655caee0 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html 
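Review bot: In `preProcess`, a `STORKSAMLEngineException` from `engine.validateSTORKAuthnRequest(decSamlToken)` is only logged, so a request whose signature or content fails validation continues with `authnRequest == null` and dies on the following `getAssertionConsumerServiceURL()` call with a `NullPointerException` instead of a controlled error; rethrow in the catch, `throw new MOAIDException("stork.04", null);` (or a dedicated key), and treat the `postDecoder.decode` failure, currently caught as `Exception` and ignored, the same way. The static initializer assigns `instance = new STORKProtocol()` before the field declaration `private static STORKProtocol instance = null;`, whose initializer runs afterwards in textual order and resets it to null, so move the declaration above the static block or drop the `= null`. Logging every request header and parameter at DEBUG writes cookies, any Authorization header and the complete SAMLRequest to the log, and `Logger.error("decsamltoken" + decSamlToken.toString())` prints only the array's identity at ERROR level; these lines should be removed or reduced before the module ships. The `canHandleRequest`, `validate` and `generateErrorMessage` stubs return null/false without a comment stating that they are intentionally unimplemented.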
@@ -0,0 +1,42 @@ +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + +<body onload="document.forms[0].submit()"> +	<noscript> +		<p> +			<strong>Note:</strong> Since your browser does not support +			JavaScript, you must press the Continue button once to proceed. +		</p> +	</noscript> + + +	<div id="alert">Your login is being processed. Thank you for +		waiting.</div> + +	<style type="text/css"> +<!-- +#alert { +	margin: 100px 250px; +	font-family: Verdana, Arial, Helvetica, sans-serif; +	font-size: 14px; +	font-weight: normal; +} +--> +</style> + +	<form action="${action}" method="post" target="_parent"> +		<div> +			#if($RelayState)<input type="hidden" name="RelayState" +				value="${RelayState}" />#end #if($SAMLRequest)<input type="hidden" +				name="SAMLRequest" value="${SAMLRequest}" />#end #if($SAMLResponse)<input +				type="hidden" name="SAMLResponse" value="${SAMLResponse}" />#end + +		</div> +		<noscript> +			<div> +				<input type="submit" value="Continue" /> +			</div> +		</noscript> +	</form> + +</body> +</html> | 
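Review bot: `${action}` is inserted into the form's `action` attribute without HTML escaping, and Velocity does not escape by default, so a consumer URL containing a double quote or `>` terminates the attribute and injects markup into this auto-submitting page; `${SAMLResponse}` is Base64 from the Java side and is less exposed, but should be escaped the same way for consistency. Escape the values for an HTML attribute context when they are put into the context (or through an escaping tool in the template), and keep `action` restricted to a consumer URL that was validated against the service provider's configuration. The `#if($RelayState)` and `#if($SAMLRequest)` branches are not fed by `AuthenticationRequest` in this commit, which only sets `SAMLResponse` and `action`; a short comment in the template saying which bindings they are reserved for would help the next reader.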
