aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java188
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java328
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java163
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java94
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java)4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java105
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java129
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java3
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm36
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html42
17 files changed, 733 insertions, 407 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index ce5aa15c3..6f6d9611a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -125,7 +125,7 @@ import at.gv.util.xsd.srzgw.MISType;
import at.gv.util.xsd.srzgw.MISType.Filters;
import eu.stork.oasisdss.api.AdditionalProfiles;
import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.api.ApiUtilsException;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
import eu.stork.oasisdss.api.Profiles;
import eu.stork.oasisdss.api.QualityLevels;
import eu.stork.oasisdss.api.SignatureTypes;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index d655dc7f2..4dec2c32e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -68,6 +68,12 @@ public class STORKConfig {
//List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = new ArrayList<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS>(); // TODO Change this
+ try {
+ cpeps = stork.getCPEPS();
+ } catch (NullPointerException ex) {
+ Logger.error("CPEPS not configured!");
+ }
+
cpepsMap = new HashMap<String, CPEPS>();
if (cpeps != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
index 65634bed3..b6fe20a61 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
@@ -2,19 +2,19 @@
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
+ *
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
@@ -46,98 +46,120 @@
package at.gv.egovernment.moa.id.iaik.config;
-import java.io.File;
-
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.logging.Logger;
import iaik.pki.store.certstore.CertStoreConfiguration;
import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.certstore.CertStoreTypes;
import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
+import java.io.File;
+
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
+ *
* @author Paul Ivancsics
* @version $Id$
*/
-public class CertStoreConfigurationImpl extends ObservableImpl
- implements CertStoreConfiguration, DirectoryCertStoreParameters {
- /** identifies the rootDirectory */
- private String rootDirectory;
- /** ConfigurationProvider */
- private ConfigurationProvider conf;
- /** Array for storing all CertStoreParameters */
- private CertStoreParameters[] parameters;
-
- /**
- * Create a new <code>CertStoreConfigurationImpl</code>.
- *
- * @param conf The MOA configuration from which the configuration data is
- * @throws ConfigurationException an any config-error
- * being read.
- */
- public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
- this.conf=conf;
-
- String certStoreRootDirParam = conf.getCertstoreDirectory();
-
- if (certStoreRootDirParam == null)
- throw new ConfigurationException(
- "config.08", new Object[] {"CertStoreDirectory"});
-
- rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
- if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6);
- File f = new File(rootDirectory);
- if (!f.isDirectory())
- throw new ConfigurationException(
- "config.05", new Object[] {"CertStoreDirectory"});
-
- parameters = new CertStoreParameters[] { this };
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
- */
- public CertStoreParameters[] getParameters() {
- return parameters;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
- */
- public String getRootDirectory() {
- return rootDirectory;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
- */
- public boolean createNew() {
- return false;
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#getId()
- */
- public String getId() {
- return "MOA ID Directory CertStore";
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
- */
- public boolean isReadOnly() {
- return false;
- }
-
- /**
- * @return <code>CertStoreTypes.DIRECTORY</code>
- * @see iaik.pki.store.certstore.CertStoreParameters#getType()
- */
- public String getType() {
- return CertStoreTypes.DIRECTORY;
- }
+public class CertStoreConfigurationImpl extends ObservableImpl
+ implements CertStoreConfiguration, DirectoryCertStoreParameters {
+ /**
+ * identifies the rootDirectory
+ */
+ private String rootDirectory;
+ /**
+ * ConfigurationProvider
+ */
+ private ConfigurationProvider conf;
+ /**
+ * Array for storing all CertStoreParameters
+ */
+ private CertStoreParameters[] parameters;
+
+ /**
+ * Create a new <code>CertStoreConfigurationImpl</code>.
+ *
+ * @param conf The MOA configuration from which the configuration data is
+ * @throws ConfigurationException an any config-error
+ * being read.
+ */
+ public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
+ this.conf = conf;
+
+ String certStoreRootDirParam = conf.getCertstoreDirectory();
+
+ if (certStoreRootDirParam == null)
+ throw new ConfigurationException(
+ "config.08", new Object[]{"CertStoreDirectory"});
+
+ //rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
+ rootDirectory = certStoreRootDirParam;
+ Logger.error("Using file: " + rootDirectory);
+ if (rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(5);
+ Logger.error("Using file2: " + rootDirectory);
+
+ File f = new File(rootDirectory);
+ //Logger.error("Using file: " + certStoreRootDirParam + " param: " + conf.getRootConfigFileDir());
+
+ if (!f.exists()) {
+ Logger.error("File does not exists: " + f.getAbsolutePath());
+ throw new ConfigurationException(
+ "config.05", new Object[]{"CertStoreDirectory"});
+ }
+
+ if (!f.isDirectory()) {
+ Logger.error("File is not a directory: " + f.getAbsolutePath());
+ throw new ConfigurationException(
+ "config.05", new Object[]{"CertStoreDirectory"});
+ }
+
+
+ parameters = new CertStoreParameters[]{this};
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
+ */
+ public CertStoreParameters[] getParameters() {
+ return parameters;
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
+ */
+ public String getRootDirectory() {
+ return rootDirectory;
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
+ */
+ public boolean createNew() {
+ return false;
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.CertStoreParameters#getId()
+ */
+ public String getId() {
+ return "MOA ID Directory CertStore";
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
+ */
+ public boolean isReadOnly() {
+ return false;
+ }
+
+ /**
+ * @return <code>CertStoreTypes.DIRECTORY</code>
+ * @see iaik.pki.store.certstore.CertStoreParameters#getType()
+ */
+ public String getType() {
+ return CertStoreTypes.DIRECTORY;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index b7fa37757..288e71f58 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -1,11 +1,9 @@
package at.gv.egovernment.moa.id.protocols.stork2;
-import java.util.ArrayList;
-import java.util.List;
-
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -13,144 +11,256 @@ import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import org.apache.commons.io.IOUtils;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.List;
/**
* the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins.
* The class is called whenever the {@link AuthenticationRequest} Action is invoked and checks for missing attributes.
* Furthermore, the class can handle direct posts. That is when the class triggers an attribute query which needs user
* interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes.
- *
+ * <p/>
* TODO how do we treat mandatory and optional attributes?
- *
*/
public class AttributeCollector implements IAction {
-
- /** The Constant ARTIFACT_ID. */
- private static final String ARTIFACT_ID = "artifactId";
-
+
+ /**
+ * The Constant ARTIFACT_ID.
+ */
+ private static final String ARTIFACT_ID = "artifactId";
+ private DataContainer container;
+ private HttpServletResponse httpResp;
+
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
*/
public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
- // read configuration parameters of OA
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
- if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() });
-
- // find the attribute provider plugin that can handle the response
- IPersonalAttributeList newAttributes = null;
- for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs()))
- try {
- newAttributes = current.parse(httpReq);
- } catch (UnsupportedAttributeException e1) {
- // the current provider cannot find anything familiar within the
- // provided httpreq. Try the next one.
- }
-
- if (null == newAttributes) {
- // we do not have a provider which is capable of fetching something
- // from the received httpreq.
- // TODO should we continue with the next attribute?
- Logger.error("No attribute could be retrieved from the response the attribute provider gave us.");
- throw new MOAIDException("stork.11", null);
- }
-
- // - fetch the container
- String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID);
- DataContainer container;
- try {
- container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
- } catch (MOADatabaseException e) {
- Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
- throw new MOAIDException("stork.11", null);
- }
-
- // - insert the embedded attribute(s) into the container
- for(PersonalAttribute current : newAttributes)
- container.getResponse().getPersonalAttributeList().add(current);
-
- // see if we need some more attributes
- return processRequest(container, httpReq, httpResp, moasession, oaParam);
+ this.httpResp = httpResp;
+
+ // read configuration parameters of OA
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+
+ // find the attribute provider plugin that can handle the response
+ IPersonalAttributeList newAttributes = null;
+ for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs()))
+ try {
+ newAttributes = current.parse(httpReq);
+ } catch (UnsupportedAttributeException e1) {
+ // the current provider cannot find anything familiar within the
+ // provided httpreq. Try the next one.
+ // TODO check the loop
+ }
+
+ if (null == newAttributes) {
+ // we do not have a provider which is capable of fetching something
+ // from the received httpreq.
+ // TODO should we continue with the next attribute?
+ Logger.error("No attribute could be retrieved from the response the attribute provider gave us.");
+ throw new MOAIDException("stork.11", null);
+ }
+
+ // - fetch the container
+ String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID);
+ DataContainer container;
+ try {
+ container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
+ } catch (MOADatabaseException e) {
+ Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
+ throw new MOAIDException("stork.11", null);
+ }
+
+
+
+ // - insert the embedded attribute(s) into the container
+ for (PersonalAttribute current : newAttributes)
+ container.getResponse().getPersonalAttributeList().add(current);
+
+ // see if we need some more attributes
+ return processRequest(container, httpReq, httpResp, moasession, oaParam);
}
-
+
/**
* Checks if there are missing attributes and tries to fetch them. If there are no more attribute to fetch,
* this very method creates and sends the protocol result to the asking S-PEPS.
*
* @param container the {@link DataContainer} representing the status of the overall query.
* @return the string
- * @throws MOAIDException
+ * @throws MOAIDException
*/
public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException {
- // check if there are attributes we need to fetch
- IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
- IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
- List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
- for(PersonalAttribute current : requestAttributeList)
- if(!responseAttributeList.containsKey(current))
- missingAttributes.add(current);
-
- try {
- // for each attribute still missing
- for(PersonalAttribute currentAttribute : missingAttributes) {
- // - check if we can find a suitable AttributeProvider Plugin
- for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) {
- try {
- // - hand over control to the suitable plugin
- IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession);
-
- // - add the aquired attribute to the container
- for(PersonalAttribute current : aquiredAttributes)
- container.getResponse().getPersonalAttributeList().add(current);
- } catch(UnsupportedAttributeException e) {
- // ok, try the next attributeprovider
- } catch(MOAIDException e) {
- // the current plugin had an error. Try the next one.
- // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop
- }
-
- }
- }
- } catch (ExternalAttributeRequestRequiredException e) {
- // the attribute request is ongoing and requires an external service.
- try {
- // memorize the container again
- // - generate new key
- String newArtifactId = new SecureRandomIdentifierGenerator()
- .generateIdentifier();
-
- // - put container in temporary store.
- AssertionStorage.getInstance().put(newArtifactId, container);
-
- // add container-key to redirect embedded within the return URL
- e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam);
- } catch (Exception e1) {
- // TODO should we return the response as is to the PEPS?
- Logger.error("Error putting incomplete Stork response into temporary storage", e);
- throw new MOAIDException("stork.11", null);
- }
-
- return "12345"; // TODO what to do here?
- }
- // build response
- // done
- return "12345"; // AssertionId
+ // check if there are attributes we need to fetch
+ this.httpResp = response;
+ this.container = container;
+
+ IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
+ IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
+ List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
+ for (PersonalAttribute current : requestAttributeList)
+ if (!responseAttributeList.containsKey(current))
+ missingAttributes.add(current);
+
+ // Try to get all missing attributes
+ try {
+ // for each attribute still missing
+ for (PersonalAttribute currentAttribute : missingAttributes) {
+ // - check if we can find a suitable AttributeProvider Plugin
+ for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) {
+ try {
+ // - hand over control to the suitable plugin
+ IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession);
+
+ // - add the aquired attribute to the container
+ for (PersonalAttribute current : aquiredAttributes)
+ container.getResponse().getPersonalAttributeList().add(current);
+ //TODO: return after first AP
+
+ } catch (UnsupportedAttributeException e) {
+ // ok, try the next attributeprovider
+ } catch (MOAIDException e) {
+ // the current plugin had an error. Try the next one.
+ // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop
+ }
+
+ }
+ }
+
+ // build response
+ generateSTORKResponse();
+
+ // set new http response
+ generateRedirectResponse();
+ response = httpResp;
+
+ return "12345"; // AssertionId
+
+ } catch (ExternalAttributeRequestRequiredException e) {
+ // the attribute request is ongoing and requires an external service.
+ try {
+ // memorize the container again
+ // - generate new key
+ String newArtifactId = new SecureRandomIdentifierGenerator()
+ .generateIdentifier();
+ // - put container in temporary store.
+ AssertionStorage.getInstance().put(newArtifactId, container);
+
+ // add container-key to redirect embedded within the return URL
+ e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam);
+
+
+ } catch (Exception e1) {
+ // TODO should we return the response as is to the PEPS?
+ Logger.error("Error putting incomplete Stork response into temporary storage", e);
+ throw new MOAIDException("stork.11", null);
+ }
+
+ return "12345"; // TODO what to do here?
+ }
+
+
+ }
+
+
+ private void generateSTORKResponse() throws MOAIDException {
+ STORKAuthnResponse authnResponse = container.getResponse();
+ STORKAuthnRequest authnRequest = container.getRequest();
+
+ try {
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+ Logger.debug("Starting generation of SAML response");
+ authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false);
+
+ //generateSAML Token
+ Logger.info("SAML response succesfully generated!");
+ } catch (STORKSAMLEngineException e) {
+ Logger.error("Failed to generate STORK SAML Response", e);
+ throw new MOAIDException("stork.05", null);
+ }
+
+ Logger.info("STORK SAML Response message succesfully generated ");
+ String statusCodeValue = authnResponse.getStatusCode();
+
+ try {
+ Logger.debug("authn saml plain:" + authnResponse.getTokenSaml());
+ Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works
+ Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+
+ container.setResponse(authnResponse);
+
+ }
+
+
+ private void generateRedirectResponse() {
+ STORKAuthnResponse authnResponse = container.getResponse();
+ STORKAuthnRequest authnRequest = container.getRequest();
+
+
+ // preparing redirection for the client
+
+ try {
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+ VelocityContext context = new VelocityContext();
+
+ context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+ Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+
+ Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL());
+ context.put("action", authnRequest.getAssertionConsumerServiceURL());
+ Logger.debug("Starting template merge");
+ StringWriter writer = new StringWriter();
+
+ Logger.debug("Doing template merge");
+ template.merge(context, writer);
+ Logger.debug("Template merge done");
+
+ Logger.debug("Sending html content: " + writer.getBuffer().toString());
+ Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
+
+
+ httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+
+ } catch (Exception e) {
+ Logger.error("Velocity error: " + e.getMessage());
+ }
+
+ //HttpSession httpSession = this.httpResp.getSession();
+ //httpSession.setAttribute("STORKSessionID", "12345");
+ //Logger.info("Status code again: " + authnResponse.getStatusCode());
+
+ //return "12345"; // AssertionId
}
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
- // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action.
+ // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action.
return false;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 1f6ffaa9a..d4996c26a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -1,11 +1,22 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
+import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.logging.Logger;
+import edu.emory.mathcs.backport.java.util.Collections;
+import eu.stork.peps.auth.commons.*;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import org.apache.commons.io.IOUtils;
+import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
@@ -15,13 +26,11 @@ import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-import java.io.Writer;
+import java.io.*;
import java.util.HashMap;
import eu.stork.peps.auth.engine.SAMLEngine;
+
/**
* @author bsuzic
* Date: 12/3/13, Time: 2:08 PM
@@ -35,127 +44,107 @@ public class AuthenticationRequest implements IAction {
private VelocityEngine velocityEngine;
+ private AuthenticationSession moaSession;
+ private MOASTORKAuthnRequest moaStorkAuthnRequest;
public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+
+ this.moaSession = moasession;
+ this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req;
+
Logger.debug("Starting AuthenticationRequest");
//AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession);
Logger.debug("Http Response: " + httpResp.toString() + ", ");
+ Logger.debug("Remote user: " + httpReq.getRemoteAddr());
Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget());
httpResp.reset();
- //httpResp.addHeader("Location", "http:/www.google.com");
- if (req instanceof STORKAuthnRequestDEL) {
- /*
- Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel());
- StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest());
-
- HttpSession httpSession = httpReq.getSession();
- httpSession.setAttribute("STORKSessionID", "12345");
- httpResp.setStatus(startAuthResponse.getHttpStatusCode());
- try {
- ServletOutputStream os = httpResp.getOutputStream();
- String html = new String(startAuthResponse.getContent());
-
-
- if (html.contains("<![CDATA[")) {
- Logger.info("-------- content contains <![CDATA[-----------------");
- Logger.info("-------- content contains html -----------------");
- Logger.info("HTML : " + html);
- int beginIndex = html.indexOf("<![CDATA[");
- int endIndex = html.indexOf("]]>");
- html = html.substring(beginIndex + 9, endIndex);
- startAuthResponse.setContent(html.getBytes());
- }
- Logger.info("HTML : " + html);
- os.write(startAuthResponse.getContent());
- Logger.info("Response sent to client");
- } catch (IOException e) {
- Logger.error("ERROR MOA");
- throw new MOAIDException("error response sending", new Object[]{});
+ STORKAuthnResponse authnResponse = new STORKAuthnResponse();
+ authnResponse.setCountry("AT");
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() });
+
+
+ // Prepare basic AT attributes
+ try {
+ IPersonalAttributeList moaAttrList = moasession.getStorkAttributes();
+ Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size());
+
+
+ for (PersonalAttribute personalAttribute : moaAttrList) {
+ Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus());
+ if (personalAttribute.getValue().size() > 0) {
+ for (String value : personalAttribute.getValue()) {
+ Logger.info(" Value found: " + value);
+ }
+ }
}
- //httpSession.setAttribute("CCC", ccc);
- */
+ } catch (Exception e) {
+ Logger.error("Exception, attributes: " + e.getMessage());
}
+ // Get personal attributtes from MOA/IdentityLink
+ authnResponse.setPersonalAttributeList(populateAttributes());
+
+ // Prepare extended attributes
+ Logger.debug("Preparing data container");
- //httpResp.setStatus(200);
- //VPEPSInboundPostHandler
-
// create fresh container
DataContainer container = new DataContainer();
-
+
// - fill in the request we extracted above
- container.setRequest(request);
+ container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest());
// - fill in the partial response created above
- container.setResponse(response);
+ container.setResponse(authnResponse);
// - memorize the target url were we have to return the result
- container.setTarget(target);
-
- // see if we need to fetch further attributes
- return (new AttributeCollector()).processRequest(container);
- }
+ container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
- public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
- return true;
- }
+ container.setRemoteAddress(httpReq.getRemoteAddr());
- /*
-
- public StartAuthResponse getStartAuthResponse(STORKAuthnRequest authnRequest) {
+ Logger.debug("Data container prepared");
- StartAuthResponse authResponse = new StartAuthResponse(500, null, new HashMap<String, String>());
+ return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);
- if (authnRequest.getSPID() != null) {
- Logger.debug("SP id: " + authnRequest.getSPID());
- } else {
- SpInstitution spInstitution = (SpInstitution)authnRequest.getExtensions().getUnknownXMLObjects(SpInstitution.DEFAULT_ELEMENT_NAME).get(0);
- Logger.debug("SP institution: " + spInstitution.getValue());
- }
+ }
- Logger.debug("SPEPS issuer: " + authnRequest.getIssuer().getValue());
- Logger.debug("SPEPS Consumer URL: " + authnRequest.getAssertionConsumerServiceURL());
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ return true;
+ }
+ public PersonalAttributeList populateAttributes() {
- try {
+ IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList();
+ Logger.info("Found " + attrLst.size() + " personal attributes in the request." );
- initVelocityEngine();
- VelocityContext velocityContext = new VelocityContext();
+ // Define attribute list to be populated
+ PersonalAttributeList attributeList = new PersonalAttributeList();
+ MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink());
- velocityContext.put("action", authnRequest.getDestination());
- if (authnRequest.getDOM() == null) {
- SAMLUtil.marshallMessage(authnRequest);
+ try {
+ for (PersonalAttribute personalAttribute : attrLst) {
+ Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());
+ moaAttributeProvider.populateAttribute(attributeList, personalAttribute);
}
-
- String messageXML = XMLHelper.nodeToString(authnRequest.getDOM());
- String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES);
- velocityContext.put("SAMLRequest", encodedMessage);
- ByteArrayOutputStream outStream = new ByteArrayOutputStream();
-
- Writer out = new OutputStreamWriter(outStream, "UTF-8");
- velocityEngine.mergeTemplate("/templates/saml2-post-binding.vm", "UTF-8", velocityContext, out);
- out.flush();
- authResponse.setContent(outStream.toByteArray());
-
- authResponse.addHeader("Content-Type", "text/html; charset=utf-8");
- authResponse.addHeader("Cache-Control", "no-cache");
- authResponse.setHttpStatusCode(200);
-
- } catch (Exception e) {
- Logger.error("ERROR");
+ } catch (Exception e) {
+ Logger.error("Exception, attributes: " + e.getMessage());
}
+ Logger.debug("AUTHBLOCK " + moaSession.getAuthBlock());
+ Logger.debug("TARGET " + moaSession.getTarget() + " " + moaSession.getTargetFriendlyName());
+ Logger.debug("SESSION IDENTIFIER " + moaSession.getCcc() + " " + moaSession.getDomainIdentifier());
+ Logger.debug("AUTHBLOCKTOKKEN" + moaSession.getAuthBlockTokken());
- return authResponse;
+ return attributeList;
}
- */
-
public String getDefaultActionName() {
return STORKProtocol.AUTHENTICATIONREQUEST;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java
index 40c827ef8..44ad0000a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java
@@ -22,8 +22,9 @@ public class DataContainer implements Serializable {
/** The target. */
private String target;
-
- /**
+ private String remoteAddress;
+
+ /**
* Gets the request.
*
* @return the request
@@ -76,4 +77,13 @@ public class DataContainer implements Serializable {
public void setTarget(String target) {
this.target = target;
}
+
+ /*
+ Sets IP address
+ */
+ public void setRemoteAddress(String address) { this.remoteAddress = address; }
+ public String getRemoteAddress() {
+ return this.remoteAddress;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java
index 669a9389b..9c0869d97 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java
@@ -20,7 +20,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
*/
- @Override
public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession)
throws UnsupportedAttributeException {
PersonalAttributeList requestedAttributes = new PersonalAttributeList(1);
@@ -31,7 +30,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
*/
- @Override
public IPersonalAttributeList parse(HttpServletRequest httpReq) {
// TODO Auto-generated method stub
return null;
@@ -40,7 +38,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
- @Override
public void performRedirect(String url, String citizenCountyCode,
HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) {
// we should not get here
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java
index 2f6b69075..26fc00406 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java
@@ -20,7 +20,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
*/
- @Override
public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession)
throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException {
throw new ExternalAttributeRequestRequiredException(this);
@@ -29,7 +28,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
*/
- @Override
public IPersonalAttributeList parse(HttpServletRequest httpReq) {
PersonalAttributeList requestedAttributes = new PersonalAttributeList(1);
requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList<String>(), ""));
@@ -39,7 +37,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
- @Override
public void performRedirect(String url, String citizenCountyCode,
HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) {
// we should not get here
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
index 8b96e0d10..758b70f2d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
@@ -55,7 +55,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute)
*/
- @Override
public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession)
throws UnsupportedAttributeException,
ExternalAttributeRequestRequiredException, MOAIDException {
@@ -203,7 +202,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter)
*/
- @Override
public void performRedirect(String url, String citizenCountyCode,
HttpServletRequest req, HttpServletResponse resp,
OAAuthParameter oaParam) throws MOAIDException {
@@ -213,7 +211,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
*/
- @Override
public IPersonalAttributeList parse(HttpServletRequest httpReq)
throws UnsupportedAttributeException, MOAIDException {
// there is no redirect required, so we throw an exception when someone asks us to parse a response
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
new file mode 100644
index 000000000..414e383fa
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -0,0 +1,94 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author bsuzic
+ * Date: 2/19/14, Time: 4:42 PM
+ */
+public class MOAAttributeProvider {
+ private final IdentityLink identityLink;
+ private static final Map<String, String> storkAttributeSimpleMapping;
+ private static final Map<String, String> storkAttributeFunctionMapping;
+
+ static {
+ Map<String, String> tempSimpleMap = new HashMap<String, String>();
+ tempSimpleMap.put("givenName", "getGivenName");
+ tempSimpleMap.put("surname", "getFamilyName");
+ tempSimpleMap.put("dateOfBirth", "getDateOfBirth");
+ storkAttributeSimpleMapping = Collections.unmodifiableMap(tempSimpleMap);
+ Map<String, String> tempFunctionMap = new HashMap<String, String>();
+ tempFunctionMap.put("eIdentifier", "geteIdentifier");
+ storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap);
+ }
+
+ public MOAAttributeProvider(IdentityLink identityLink) {
+ this.identityLink = identityLink;
+ Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue());
+ }
+
+ public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) {
+ String storkAttribute = requestedAttribute.getName();
+
+ if (storkAttributeSimpleMapping.containsKey(storkAttribute)) {
+ Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]");
+ try {
+ Method method = identityLink.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute));
+ populateAttributeWithMethod(method, identityLink, attributeList, storkAttribute, requestedAttribute.isRequired());
+ } catch (NoSuchMethodException e) {
+ Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute);
+ e.printStackTrace();
+ }
+
+ } else if (storkAttributeFunctionMapping.containsKey(storkAttribute)) {
+
+ Logger.debug("Trying to get value for attribute using function mapping [" + storkAttribute + "]");
+ try {
+ Method method = this.getClass().getDeclaredMethod(storkAttributeFunctionMapping.get(storkAttribute));
+ populateAttributeWithMethod(method, this, attributeList, storkAttribute, requestedAttribute.isRequired());
+ } catch (NoSuchMethodException e) {
+ Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute);
+ e.printStackTrace();
+ }
+ } else {
+ Logger.debug("MOA method for extraction of attribute " + storkAttribute + " not defined.");
+ }
+ }
+
+ private String geteIdentifier() {
+ return "askdlaskdlaskdsds";
+ }
+
+ private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) {
+ try {
+ String attributeValue = method.invoke(object, new Class[]{}).toString();
+ PersonalAttribute newAttribute = new PersonalAttribute();
+ newAttribute.setName(storkAttribute);
+
+ newAttribute.setStatus("Available");
+ newAttribute.setIsRequired(isRequired);
+ Logger.debug("Got attribute value: " + attributeValue);
+ newAttribute.setValue(new ArrayList<String>(edu.emory.mathcs.backport.java.util.Collections.singletonList(attributeValue)));
+ attributeList.add(newAttribute);
+ } catch (InvocationTargetException e) {
+ Logger.error("Invocation target exception while getting attribute: " + storkAttribute);
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ Logger.error("Illegal access exception while getting attribute: " + storkAttribute);
+ e.printStackTrace();
+ }
+ }
+
+
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java
index c8a5ac84d..cee64e16e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java
@@ -8,9 +8,8 @@ import org.opensaml.common.xml.SAMLConstants;
* @author bsuzic
* Date: 12/4/13, Time: 6:31 PM
*/
-//public class STORKAuthnRequestDEL extends STORKAuthnRequestImpl implements IRequest {
-public class STORKAuthnRequestDEL implements IRequest {
+public class MOASTORKAuthnRequest implements IRequest {
private String requestID;
private String target = null;
String module = null;
@@ -26,6 +25,7 @@ public class STORKAuthnRequestDEL implements IRequest {
}
public String getOAURL() {
+
return "https://sp:8889/SP"; //
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java
deleted file mode 100644
index 54072b6a3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java
+++ /dev/null
@@ -1,105 +0,0 @@
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
-import org.opensaml.ws.transport.http.HTTPInTransport;
-
-
-/**
- * @author bsuzic
- * Date: 1/22/14, Time: 5:30 PM
- */
-public class STORKAuthnReq implements IRequest {
- private String requestID;
- private String target = null;
- String module = null;
- String action = null;
- private STORKAuthnRequest storkAuthnRequest;
-
- public void setSTORKAuthnRequest(STORKAuthnRequest request) {
- this.storkAuthnRequest = request;
- }
-
- public STORKAuthnRequest getStorkAuthnRequest() {
- return this.storkAuthnRequest;
- }
-
- public void createStorkReq(HTTPInTransport profileReq) {
- Logger.debug("Generate stork request test...");
- storkAuthnRequest = new STORKAuthnRequest();
-
- BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext();
- samlMessageContext.setInboundMessageTransport(profileReq);
-
- HTTPPostDecoder postDecoder = new HTTPPostDecoder();
- postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator
-
- try {
- Logger.debug("Attempting to decode request...");
- postDecoder.decode(samlMessageContext);
- } catch (Exception e) {
- Logger.error("Error decoding STORKAuthnRequest", e);
- }
-
-
-
- //storkAuthnRequest = (STORKAuthnRequest)samlMessageContext.getInboundSAMLMessage();
- //samlMessageContext.getinbound
- //storkAuthnRequest.set
-
-
-
- }
-
-
-
- public String getOAURL() {
- return "https://sp:8889/SP"; //
- }
-
- public boolean isPassiv() {
- return false; //
- }
-
- public boolean forceAuth() {
- return false; //
- }
-
- public boolean isSSOSupported() {
- return false; //
- }
-
- public String requestedModule() {
- return this.module; //
- }
-
- public String requestedAction() {
- return action; //
- }
-
- public void setModule(String module) {
- this.module = module;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public String getTarget() {
- return this.target; //
- }
-
- public void setRequestID(String id) {
- this.requestID = id;
- }
-
- public String getRequestID() {
- return this.requestID; //
- }
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 318a8fc9c..502925a2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -1,6 +1,5 @@
package at.gv.egovernment.moa.id.protocols.stork2;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -9,7 +8,6 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -109,8 +107,8 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
/*
STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage();
- //STORKAuthnRequestDEL STORK2Request = (STORKAuthnRequestDEL)samlMessageContext.getInboundSAMLMessage();
- STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL();
+ //MOASTORKAuthnRequest STORK2Request = (MOASTORKAuthnRequest)samlMessageContext.getInboundSAMLMessage();
+ MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest();
STORK2Request.setSTORKAuthnRequest(ST2Req);
Logger.debug("STORK2 Citizen code: " + ST2Req.getCitizenCountryCode());
@@ -118,10 +116,10 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString());
*/
- STORKAuthnReq storkAuthnReq = new STORKAuthnReq();
+ //STORKAuthnReq storkAuthnReq = new STORKAuthnReq();
- STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL();
+ MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest();
//extract STORK Response from HTTP Request
@@ -155,6 +153,8 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
Logger.error("spi " + authnRequest.getSpInstitution());
+ STORK2Request.setSTORKAuthnRequest(authnRequest);
+
return STORK2Request;
}
@@ -170,6 +170,11 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
return false;
}
+
+ public void checkPersonalAttributes() {
+
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java
new file mode 100644
index 000000000..e7cd87e85
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java
@@ -0,0 +1,129 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
+import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
+/**
+ * Forwards a signedDoc attribute request to the oasis-dss service instance
+ */
+public class SignedDocAttributeRequestProvider implements AttributeProvider {
+
+ private PersonalAttribute requestedAttribute;
+
+ /**
+ * The URL of the service listening for the oasis dss webform post request
+ */
+ private String oasisDssWebFormURL;
+
+ /**
+ * Instantiates a new signed doc attribute request provider.
+ *
+ * @param oasisDssWebFormURL
+ * the AP location
+ */
+ public SignedDocAttributeRequestProvider(String oasisDssWebFormURL) {
+ this.oasisDssWebFormURL = oasisDssWebFormURL;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java
+ * .lang.String)
+ */
+ public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException,
+ ExternalAttributeRequestRequiredException {
+ requestedAttribute = attribute;
+
+ throw new ExternalAttributeRequestRequiredException(this);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax
+ * .servlet.http.HttpServletRequest)
+ */
+ public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException {
+ Logger.debug("Beginning to extract OASIS-DSS response out of HTTP Request");
+
+
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+ try {
+ String signResponse = new String(Base64.decodeBase64(httpReq.getParameter("signresponse")), "UTF8");
+ List<String> values = new ArrayList<String>();
+ values.add(signResponse);
+
+ Logger.debug("Assembling signedDoc attribute");
+ PersonalAttribute signedDocAttribute = new PersonalAttribute(requestedAttribute.getName(), requestedAttribute.isRequired(), values,
+ "Available");
+
+ // pack and return the result
+ PersonalAttributeList result = new PersonalAttributeList();
+ result.add(signedDocAttribute);
+ return result;
+ } catch (UnsupportedEncodingException e) {
+ Logger.error("Failed to assemble signedDoc attribute");
+ throw new MOAIDException("stork.05", null);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect
+ * (java.lang.String)
+ */
+ public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam)
+ throws MOAIDException {
+
+ try {
+ Logger.trace("Initialize VelocityEngine...");
+
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm");
+ VelocityContext context = new VelocityContext();
+ context.put("signrequest", Base64.encodeBase64String(requestedAttribute.getValue().get(0).getBytes("UTF8")));
+ context.put("action", oasisDssWebFormURL);
+
+ StringWriter writer = new StringWriter();
+ template.merge(context, writer);
+
+ resp.getOutputStream().write(writer.toString().getBytes());
+ } catch (Exception e) {
+ Logger.error("Error sending STORK SAML AttrRequest.", e);
+ throw new MOAIDException("stork.11", null);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
index bd6f192dc..4314e666e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
@@ -47,7 +47,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
*/
- @Override
public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession)
throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException {
requestedAttributes = new PersonalAttributeList(1);
@@ -58,7 +57,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
*/
- @Override
public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException {
Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
@@ -91,7 +89,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String)
*/
- @Override
public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException {
String spSector = "Business";
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm b/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm
new file mode 100644
index 000000000..7fcc1bb36
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm
@@ -0,0 +1,36 @@
+##
+## Velocity Template for OASIS WEBFORM BINDING
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## signresponse - String - the Base64 encoded SAML Request
+## verifyresponse - String - the Base64 encoded SAML Response
+## clienturl - String - URL where the USer gets redirected after the signature process
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+ <body onload="document.forms[0].submit()">
+ <noscript>
+ <p>
+ <strong>Note:</strong> Since your browser does not support JavaScript,
+ you must press the Continue button once to proceed.
+ </p>
+ </noscript>
+
+ <form action="${action}" method="post">
+ <div>
+ #if($signrequest)<input type="hidden" name="signrequest" value="${signrequest}"/>#end
+
+ #if($verifyrequest)<input type="hidden" name="verifyrequest" value="${verifyrequest}"/>#end
+ #if($clienturl)<input type="hidden" name="clienturl" value="${clienturl}"/>#end
+
+ </div>
+ <noscript>
+ <div>
+ <input type="submit" value="Continue"/>
+ </div>
+ </noscript>
+ </form>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html
new file mode 100644
index 000000000..f655caee0
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html
@@ -0,0 +1,42 @@
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+<body onload="document.forms[0].submit()">
+ <noscript>
+ <p>
+ <strong>Note:</strong> Since your browser does not support
+ JavaScript, you must press the Continue button once to proceed.
+ </p>
+ </noscript>
+
+
+ <div id="alert">Your login is being processed. Thank you for
+ waiting.</div>
+
+ <style type="text/css">
+<!--
+#alert {
+ margin: 100px 250px;
+ font-family: Verdana, Arial, Helvetica, sans-serif;
+ font-size: 14px;
+ font-weight: normal;
+}
+-->
+</style>
+
+ <form action="${action}" method="post" target="_parent">
+ <div>
+ #if($RelayState)<input type="hidden" name="RelayState"
+ value="${RelayState}" />#end #if($SAMLRequest)<input type="hidden"
+ name="SAMLRequest" value="${SAMLRequest}" />#end #if($SAMLResponse)<input
+ type="hidden" name="SAMLResponse" value="${SAMLResponse}" />#end
+
+ </div>
+ <noscript>
+ <div>
+ <input type="submit" value="Continue" />
+ </div>
+ </noscript>
+ </form>
+
+</body>
+</html>