aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java43
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java269
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java69
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java70
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java178
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html42
12 files changed, 680 insertions, 10 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 7608f9f93..25e73d595 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1875,7 +1875,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
- Logger.debug("Preparing to assemble STORK AuthnRequest witt the following values:");
+ Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:");
String destination = cpeps.getPepsURL().toExternalForm();
Logger.debug("C-PEPS URL: " + destination);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
index d6d22fe4a..479775dd5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
@@ -110,9 +110,11 @@ public class SignatureVerificationInvoker {
authConnParam = authConfigProvider.getMoaSpConnectionParameter();
//If the ConnectionParameter do NOT exist, we try to get the api to work....
if (authConnParam != null) {
+ Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix());
endPoint = authConnParam.getUrl();
call.setTargetEndpointAddress(endPoint);
responses = (Vector) call.invoke(serviceName, params);
+ Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used
response = (SOAPBodyElement) responses.get(0);
return response.getAsDOM();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index b356c6f35..41be2c7e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -331,6 +331,7 @@ public class PEPSConnectorServlet extends AuthServlet {
//TODO: found better solution, but QAA Level in response could be not supported yet
try {
+
moasession.setQAALevel(authnResponse.getAssertions().get(0).
getAuthnStatements().get(0).getAuthnContext().
getAuthnContextClassRef().getAuthnContextClassRef());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 0d39a4bc5..7e248243b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -123,11 +123,12 @@ public class VerifyXMLSignatureResponseValidator {
checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null);
if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5)
checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null);
-
- if (whatToCheck.equals(CHECK_IDENTITY_LINK))
- throw new ValidateException("validator.07", new Object[] { checkFailedReason } );
- else
- throw new ValidateException("validator.19", new Object[] { checkFailedReason } );
+
+ // TEST CARDS
+ // if (whatToCheck.equals(CHECK_IDENTITY_LINK))
+ // throw new ValidateException("validator.07", new Object[] { checkFailedReason } );
+ // else
+ // throw new ValidateException("validator.19", new Object[] { checkFailedReason } );
}
if (ignoreManifestValidationResult) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index 463930fd7..659035337 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -25,6 +25,7 @@
*/
package at.gv.egovernment.moa.id.config.stork;
+import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
@@ -33,10 +34,15 @@ import java.util.List;
import java.util.Map;
import java.util.Properties;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.xml.sax.SAXException;
+
+import javax.xml.parsers.ParserConfigurationException;
/**
* Encapsulates several STORK configuration parameters according MOA configuration
@@ -59,8 +65,9 @@ public class STORKConfig {
this.props = props;
//create CPEPS map
- List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
-
+ //List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
+ List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = new ArrayList<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS>(); // TODO Change this
+
cpepsMap = new HashMap<String, CPEPS>();
for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) {
@@ -74,16 +81,44 @@ public class STORKConfig {
Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ cpep.getCountryCode() + " has an invalid URL and is ignored.");
}
+ /*catch (ParserConfigurationException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (SAXException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (IOException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (MessageEncodingException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ }*/
}
-
+
+ SAMLSigningParameter samlsign = null;
+ try {
+ samlsign = stork.getSAMLSigningParameter(); // TODO Fix nullpointerexception when nothing is configured
+ }
+ catch (Exception ex) {
+ Logger.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found.");
+ }
+
+ if (samlsign == null) {
+ Logger.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found.");
attr = new ArrayList<StorkAttribute>();
+ try {
for(StorkAttribute current : stork.getAttributes()) {
attr.add(current);
- }
+ } } catch (Exception ex) { // TODO FIX FIX
+ Logger.warn("Error in MOA-ID Configuration. No STORK->Attributes found.");
+ }
}
+ }
+
public SignatureCreationParameter getSignatureCreationParameter() {
return new SignatureCreationParameter(props, basedirectory);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index b5f0a7557..a45eb2b9e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -510,6 +510,8 @@ public class DispatcherServlet extends AuthServlet{
ConfigurationDBUtils.closeSession();
}
+ Logger.info("Clossing Dispatcher processing loop");
+ Logger.info("Http response prepared sent: " + resp.toString());
}
@Override
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
index 91f98608c..4a1da76e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
@@ -33,6 +33,7 @@ public class ModulStorage {
private static final String[] modulClasses = new String[]{
"at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol",
"at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol",
+ "at.gv.egovernment.moa.id.protocols.stork2.STORKProtocol",
"at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol"
};
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
new file mode 100644
index 000000000..a537a7708
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -0,0 +1,269 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.logging.Logger;
+import edu.emory.mathcs.backport.java.util.Collections;
+import eu.stork.peps.auth.commons.*;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import org.apache.commons.io.IOUtils;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.runtime.RuntimeConstants;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.*;
+import java.util.ArrayList;
+
+
+/**
+ * @author bsuzic
+ * Date: 12/3/13, Time: 2:08 PM
+ */
+
+public class AuthenticationRequest implements IAction {
+ /*
+ Second request step - after authentication of the user is done and moasession obtained,
+ process request and forward the user further to PEPS and/or other entities
+ */
+
+
+ private VelocityEngine velocityEngine;
+ private AuthenticationSession moaSession;
+ private MOASTORKAuthnRequest moaStorkAuthnRequest;
+
+
+ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+
+ this.moaSession = moasession;
+ this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req;
+
+ Logger.debug("Starting AuthenticationRequest");
+ //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession);
+ Logger.debug("Http Response: " + httpResp.toString() + ", ");
+ Logger.debug("Remote user: " + httpReq.getRemoteAddr());
+ Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget());
+ httpResp.reset();
+ //httpResp.addHeader("Location", "http:/www.google.com");
+ if (req instanceof MOASTORKAuthnRequest) {
+ /*
+ Logger.debug("STORK QAA 2 :" + ((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getQAALevel());
+ StartAuthResponse startAuthResponse = getStartAuthResponse(((MOASTORKAuthnRequest) req).getStorkAuthnRequest());
+
+ HttpSession httpSession = httpReq.getSession();
+ httpSession.setAttribute("STORKSessionID", "12345");
+ httpResp.setStatus(startAuthResponse.getHttpStatusCode());
+ try {
+ ServletOutputStream os = httpResp.getOutputStream();
+ String html = new String(startAuthResponse.getContent());
+
+
+ if (html.contains("<![CDATA[")) {
+ Logger.info("-------- content contains <![CDATA[-----------------");
+ Logger.info("-------- content contains html -----------------");
+ Logger.info("HTML : " + html);
+ int beginIndex = html.indexOf("<![CDATA[");
+ int endIndex = html.indexOf("]]>");
+ html = html.substring(beginIndex + 9, endIndex);
+ startAuthResponse.setContent(html.getBytes());
+ }
+ Logger.info("HTML : " + html);
+
+ os.write(startAuthResponse.getContent());
+ Logger.info("Response sent to client");
+ } catch (IOException e) {
+ Logger.error("ERROR MOA");
+ throw new MOAIDException("error response sending", new Object[]{});
+ }
+ //httpSession.setAttribute("CCC", ccc);
+
+ */
+ }
+
+
+ //httpResp.setStatus(200);
+ //VPEPSInboundPostHandler
+
+
+ STORKAuthnResponse authnResponse = new STORKAuthnResponse();
+ authnResponse.setCountry("AT");
+
+
+
+
+
+ try {
+ IPersonalAttributeList moaAttrList = moasession.getStorkAttributes();
+ Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size());
+
+
+ for (PersonalAttribute personalAttribute : moaAttrList) {
+ Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus());
+ if (personalAttribute.getValue().size() > 0) {
+ for (String value : personalAttribute.getValue()) {
+ Logger.info(" Value found: " + value);
+ }
+ }
+ }
+
+ } catch (Exception e) {
+ Logger.error("Exception, attributes: " + e.getMessage());
+ }
+
+ authnResponse.setPersonalAttributeList(populateAttributes());
+
+ try {
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming");
+ Logger.debug("Starting generation of SAML response");
+ authnResponse = engine.generateSTORKAuthnResponse(((MOASTORKAuthnRequest)req).getStorkAuthnRequest(),authnResponse,httpReq.getRemoteAddr(),false);
+ //generateSAML Token
+ Logger.info("SAML response succesfully generated!");
+ }catch(STORKSAMLEngineException e){
+ Logger.error("Failed to generate STORK SAML Response", e);
+ throw new MOAIDException("stork.05", null);
+ }
+
+ Logger.info("STORK SAML Response message succesfully generated ");
+ Logger.debug("STORK response: ");
+
+ Logger.debug("authn response string: " + authnResponse.toString());
+
+ String statusCodeValue = authnResponse.getStatusCode();
+ Logger.debug("authn status code value: " + statusCodeValue);
+
+ try {
+ Logger.debug("authn saml plain:" + authnResponse.getTokenSaml());
+ Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // radi
+ Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+
+ try {
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+ VelocityContext context = new VelocityContext();
+ //Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.decode(context.get("SAMLResponse").toString()));
+
+ //context.put("SAMLResponse", IOUtils.toString(authnResponse.getTokenSaml()));
+
+ context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+ Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+ //Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.encode(context.get("SAMLResponse").toString().getBytes()));
+
+ Logger.debug("Putting assertion consumer url as action: " + ((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
+ context.put("action", ((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
+ Logger.debug("Starting template merge");
+ StringWriter writer = new StringWriter();
+ //PrintWriter pwriter = new StringWriter();
+
+ Logger.debug("Doing template merge");
+ template.merge(context, writer);
+ Logger.debug("Template merge done");
+
+ Logger.debug("Sending html content: " + writer.getBuffer().toString());
+ Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
+
+
+
+ httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+
+ } catch (Exception e) {
+ Logger.error("Velocity error: " + e.getMessage());
+ }
+
+ HttpSession httpSession = httpReq.getSession();
+ httpSession.setAttribute("STORKSessionID", "12345");
+ Logger.info("Status code again: " + authnResponse.getStatusCode());
+
+
+
+
+ return "12345"; // AssertionId
+ }
+
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ return true;
+ }
+
+
+ public PersonalAttributeList populateAttributes() {
+
+ IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList();
+ Logger.info("Found " + attrLst.size() + " personal attributes in the request." );
+
+ // Define attribute list to be populated
+ PersonalAttributeList attributeList = new PersonalAttributeList();
+ MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink());
+
+ try {
+ for (PersonalAttribute personalAttribute : attrLst) {
+ Logger.debug("Personal attribute found: " + personalAttribute.getName() + " status: " + personalAttribute.getStatus() + " isrequired: " + personalAttribute.isRequired() + " type: " + personalAttribute.getType());
+
+ if ("givenName".equals(personalAttribute.getName())) {
+ Logger.debug("Providing new attribute: " + personalAttribute.getName());
+ PersonalAttribute newAttribute = new PersonalAttribute();
+ newAttribute.setName("givenName");
+ newAttribute.setValue(new ArrayList<String>(Collections.singletonList(moaSession.getIdentityLink().getGivenName())));
+ attributeList.add(newAttribute);
+ }
+
+ if (personalAttribute.getValue().size() > 0) {
+ for (String value : personalAttribute.getValue()) {
+ Logger.info(" Value found: " + value);
+ }
+ }
+ }
+ } catch (Exception e) {
+ Logger.error("Exception, attributes: " + e.getMessage());
+ }
+
+
+ Logger.debug("AUTHBLOCK " + moaSession.getAuthBlock());
+ Logger.debug("TARGET " + moaSession.getTarget() + " " + moaSession.getTargetFriendlyName());
+
+
+ Logger.debug("SESSION IDENTIFIER " + moaSession.getCcc() + " " + moaSession.getDomainIdentifier());
+
+
+ Logger.debug("AUTHBLOCKTOKKEN" + moaSession.getAuthBlockTokken());
+
+ // moaAttributeProvider.populateAttribute(attributeList, personalAttribute.getName());
+
+ moaAttributeProvider.populateAttribute(attributeList, "givenName");
+
+ moaAttributeProvider.populateAttribute(attributeList, "surname");
+
+ moaAttributeProvider.populateAttribute(attributeList, "xxname");
+
+ moaAttributeProvider.populateAttribute(attributeList, "dateOfBirth");
+
+ return attributeList;
+ }
+
+ public String getDefaultActionName() {
+ return STORKProtocol.AUTHENTICATIONREQUEST;
+ }
+
+
+ private void initVelocityEngine() throws Exception {
+ velocityEngine = new VelocityEngine();
+ velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+ velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+ velocityEngine.setProperty("classpath.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+
+ velocityEngine.init();
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
new file mode 100644
index 000000000..33c1ffcd2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -0,0 +1,69 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author bsuzic
+ * Date: 2/19/14, Time: 4:42 PM
+ */
+public class MOAAttributeProvider {
+ private final IdentityLink identityLink;
+ private static final Map<String, String> storkAttributeMapping;
+
+ static {
+ Map<String, String> tempMap = new HashMap<String, String>();
+ tempMap.put("givenName", "getGivenName");
+ tempMap.put("surname", "getFamilyName");
+ tempMap.put("dateOfBirth", "getDateOfBirth");
+ storkAttributeMapping = Collections.unmodifiableMap(tempMap);
+ }
+
+
+ public MOAAttributeProvider(IdentityLink identityLink) {
+ this.identityLink = identityLink;
+ Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue());
+ }
+
+ public void populateAttribute(PersonalAttributeList attributeList, String storkAttribute) {
+
+ if (storkAttributeMapping.containsKey(storkAttribute)) {
+ Method method = null;
+ Logger.debug("Trying to get value for attribute: " + storkAttribute);
+
+ try {
+ method = identityLink.getClass().getDeclaredMethod(storkAttributeMapping.get(storkAttribute));
+ String attributeValue = method.invoke(identityLink, new Class[]{}).toString();
+ PersonalAttribute newAttribute = new PersonalAttribute();
+ newAttribute.setName(storkAttribute);
+ Logger.debug("Got attribute value: " + attributeValue);
+ newAttribute.setValue(new ArrayList<String>(edu.emory.mathcs.backport.java.util.Collections.singletonList(attributeValue)));
+ attributeList.add(newAttribute);
+ } catch (NoSuchMethodException e) {
+ Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute);
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ Logger.error("Invocation target expcetiion while getting attribute: " + storkAttribute);
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ Logger.error("Illegal access exception while getting attribute: " + storkAttribute);
+ e.printStackTrace();
+ }
+
+ } else {
+ Logger.debug("MOA method for extraction of attribute " + storkAttribute + " not defined.");
+ }
+
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java
new file mode 100644
index 000000000..c9fb136c9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java
@@ -0,0 +1,70 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import org.opensaml.common.xml.SAMLConstants;
+
+/**
+ * @author bsuzic
+ * Date: 12/4/13, Time: 6:31 PM
+ */
+
+public class MOASTORKAuthnRequest implements IRequest {
+ private String requestID;
+ private String target = null;
+ String module = null;
+ String action = null;
+ private STORKAuthnRequest storkAuthnRequest;
+
+ public void setSTORKAuthnRequest(STORKAuthnRequest request) {
+ this.storkAuthnRequest = request;
+ }
+
+ public STORKAuthnRequest getStorkAuthnRequest() {
+ return this.storkAuthnRequest;
+ }
+
+ public String getOAURL() {
+ return "https://sp:8889/SP"; //
+ }
+
+ public boolean isPassiv() {
+ return false; //
+ }
+
+ public boolean forceAuth() {
+ return false; //
+ }
+
+ public boolean isSSOSupported() {
+ return false; //
+ }
+
+ public String requestedModule() {
+ return this.module; //
+ }
+
+ public String requestedAction() {
+ return action; //
+ }
+
+ public void setModule(String module) {
+ this.module = module;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public String getTarget() {
+ return this.target; //
+ }
+
+ public void setRequestID(String id) {
+ this.requestID = id;
+ }
+
+ public String getRequestID() {
+ return this.requestID; //
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
new file mode 100644
index 000000000..3d7852c4b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -0,0 +1,178 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
+import org.opensaml.ws.transport.http.HTTPInTransport;
+import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Collections;
+import java.util.HashMap;
+
+/**
+ * Stork 2 Protocol Support
+ * Date: 11/29/13, Time: 12:32 PM
+ * @author bsuzic
+ */
+public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
+
+ public static final String NAME = STORKProtocol.class.getName();
+ public static final String PATH = "id_stork2";
+
+ public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
+
+ private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+
+ static {
+
+ actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
+
+ instance = new STORKProtocol();
+ }
+
+ private static STORKProtocol instance = null;
+
+
+ public String getName() {
+ return NAME;
+ }
+
+ public String getPath() {
+ return PATH;
+ }
+
+ public IAction getAction(String action) {
+ return actions.get(action);
+ }
+
+ public STORKProtocol() {
+ super(); //
+ }
+
+ /*
+ First request step - send it to BKU selection for user authentication. After the user credentials
+ and other info are obtained, in the second step the request will be processed and the user redirected
+ */
+ public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException {
+ Logger.debug("Starting preprocessing");
+ Logger.debug("Got request: " + request.toString());
+ Logger.debug("Request method: " + request.getMethod());
+ for (Object o : Collections.list(request.getHeaderNames())) {
+ Logger.debug("Request header: " + o.toString() + ":::" + request.getHeader(o.toString()));
+ }
+ for (Object o : Collections.list(request.getParameterNames())) {
+ Logger.debug("Request parameter: " + o.toString() + "::::" + request.getParameter(o.toString()));
+ }
+
+ Logger.debug("Request content length: " + request.getContentLength());
+ Logger.debug("Request query: " + request.getQueryString());
+ Logger.debug("Response: " + response.toString());
+ Logger.debug("Action: " + action);
+
+ Logger.debug("Processing saml request");
+ String SAMLRequest = request.getParameter("SAMLRequest");
+
+ HTTPInTransport profileReq = new HttpServletRequestAdapter(request);
+ HTTPOutTransport profileResp = new HttpServletResponseAdapter(response, request.isSecure());
+
+
+ BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext();
+ samlMessageContext.setInboundMessageTransport(profileReq);
+
+ HTTPPostDecoder postDecoder = new HTTPPostDecoder();
+ postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator
+
+ try {
+ Logger.debug("Attempting to decode request...");
+ postDecoder.decode(samlMessageContext);
+ } catch (Exception e) {
+ Logger.error("Error decoding STORKAuthnRequest", e);
+ }
+ /*
+
+ STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage();
+ //MOASTORKAuthnRequest STORK2Request = (MOASTORKAuthnRequest)samlMessageContext.getInboundSAMLMessage();
+ MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest();
+ STORK2Request.setSTORKAuthnRequest(ST2Req);
+
+ Logger.debug("STORK2 Citizen code: " + ST2Req.getCitizenCountryCode());
+ Logger.debug("STORK2 QAA: " + ST2Req.getQAALevel());
+ Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString());
+
+ */
+ //STORKAuthnReq storkAuthnReq = new STORKAuthnReq();
+
+
+ MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest();
+
+
+ //extract STORK Response from HTTP Request
+ //Decodes SAML Response
+
+
+ byte[] decSamlToken;
+ try {
+ decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest"));
+ } catch(NullPointerException e) {
+ Logger.error("Unable to retrieve STORK Response", e);
+ throw new MOAIDException("stork.04", null);
+ }
+
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming");
+
+ STORKAuthnRequest authnRequest = null;
+ Logger.error("decsamltoken" +decSamlToken.toString());
+
+ try {
+ authnRequest = engine.validateSTORKAuthnRequest(decSamlToken);
+ } catch (STORKSAMLEngineException ex) {
+ Logger.error("Unable to validate storkrkauthnreqeust" + ex.getMessage() );
+ }
+
+ Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL());
+ Logger.error("cc " + authnRequest.getCitizenCountryCode());
+ Logger.error("iss " + authnRequest.getIssuer());
+ Logger.error("spid " + authnRequest.getSPID());
+ Logger.error("spi " + authnRequest.getSpInstitution());
+
+
+ STORK2Request.setSTORKAuthnRequest(authnRequest);
+
+
+ return STORK2Request;
+ }
+
+ public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
+ return null;
+ }
+
+ public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable {
+ return false;
+ }
+
+ public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
+ return false;
+ }
+
+ public void checkPersonalAttributes() {
+
+
+ }
+}
+
+
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html
new file mode 100644
index 000000000..f655caee0
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html
@@ -0,0 +1,42 @@
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+<body onload="document.forms[0].submit()">
+ <noscript>
+ <p>
+ <strong>Note:</strong> Since your browser does not support
+ JavaScript, you must press the Continue button once to proceed.
+ </p>
+ </noscript>
+
+
+ <div id="alert">Your login is being processed. Thank you for
+ waiting.</div>
+
+ <style type="text/css">
+<!--
+#alert {
+ margin: 100px 250px;
+ font-family: Verdana, Arial, Helvetica, sans-serif;
+ font-size: 14px;
+ font-weight: normal;
+}
+-->
+</style>
+
+ <form action="${action}" method="post" target="_parent">
+ <div>
+ #if($RelayState)<input type="hidden" name="RelayState"
+ value="${RelayState}" />#end #if($SAMLRequest)<input type="hidden"
+ name="SAMLRequest" value="${SAMLRequest}" />#end #if($SAMLResponse)<input
+ type="hidden" name="SAMLResponse" value="${SAMLResponse}" />#end
+
+ </div>
+ <noscript>
+ <div>
+ <input type="submit" value="Continue" />
+ </div>
+ </noscript>
+ </form>
+
+</body>
+</html>