Diffstat (limited to 'id/server/idserverlib')
11 files changed, 185 insertions, 35 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java index e9d802e17..1d51d91f1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java @@ -7,6 +7,7 @@ import org.apache.velocity.app.VelocityEngine;  import org.apache.velocity.runtime.RuntimeConstants;  import org.opensaml.common.SAMLObject;  import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants;  import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder;  import org.opensaml.saml2.core.RequestAbstractType;  import org.opensaml.saml2.core.StatusResponseType; @@ -61,11 +62,10 @@ public class ArtifactBinding implements IDecoder, IEncoder {  			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();  			SingleSignOnService service = new SingleSignOnServiceBuilder()  					.buildObject(); -			service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"); +			service.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);  			service.setLocation(targetLocation);  			context.setOutboundSAMLMessageSigningCredential(credentials);  			context.setPeerEntityEndpoint(service); -			// context.setOutboundMessage(authReq);  			context.setOutboundSAMLMessage(response);  			context.setOutboundMessageTransport(responseAdapter); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java index 0820b5d4f..04ec3eaee 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -73,12 +73,7 @@ public class SoapBinding implements IDecoder, IEncoder {  			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(  					resp, true);  			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); -			SingleSignOnService service = new SingleSignOnServiceBuilder() -					.buildObject(); -			service.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); -			service.setLocation(targetLocation);  			context.setOutboundSAMLMessageSigningCredential(credentials); -			context.setPeerEntityEndpoint(service);  			context.setOutboundSAMLMessage(response);  			context.setOutboundMessageTransport(responseAdapter); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java index 8bdfe3e5d..1962d1c7b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java 
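Review bot: With the peer-entity endpoint no longer set, the `targetLocation` parameter of encodeRespone appears to be dead in this method (its signature is outside the hunk), and the new ArtifactResolution caller already passes `null` for it. Either drop the parameter or state in the method's Javadoc that the SOAP binding writes the response straight to the transport and ignores `targetLocation`, so later callers do not expect it to be honoured.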
@@ -15,6 +15,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNat  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateFullMandateAttributeBuilder;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; @@ -63,6 +64,7 @@ public class PVPAttributeBuilder {  		addBuilder(new MandateProfRepOIDAttributeBuilder());  		addBuilder(new MandateProfRepDescAttributeBuilder());  		addBuilder(new MandateReferenceValueAttributeBuilder()); +		addBuilder(new MandateFullMandateAttributeBuilder());  	}  	public static Attribute buildAttribute(String name, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java new file mode 100644 index 000000000..9e51f97ae --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java 
@@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import java.io.IOException; + +import javax.xml.transform.TransformerException; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; + +public class MandateFullMandateAttributeBuilder extends BaseAttributeBuilder { + +	public String getName() { +		return MANDATE_FULL_MANDATE_NAME; +	} + +	public Attribute build(AuthenticationSession authSession) +			throws PVP2Exception { +		if (authSession.getUseMandate()) { +			if (authSession.getMandate() != null) { +				String fullMandate; +				try { +					fullMandate = DOMUtils.serializeNode(authSession +							.getMandate()); +					return buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, +							MANDATE_FULL_MANDATE_NAME, fullMandate); +				} catch (TransformerException e) { +					Logger.error("Failed to generate Full Mandate", e); +				} catch (IOException e) { +					Logger.error("Failed to generate Full Mandate", e); +				} +			} +		} +		return null; + +	} + +	public Attribute buildEmpty() { +		return buildemptyAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, +				MANDATE_FULL_MANDATE_NAME); +	} + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java index 8588b6424..6a066874a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java 
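Review bot: `build` returns null when `getUseMandate()` is true but no mandate is present, whereas the sibling builders touched in this commit (MandateProfRepDesc/OID) throw NoMandateDataAvailableException in that case; pick one contract, and if null is intended say so in a Javadoc on `build` (`Returns null when no mandate is stored in the session or it cannot be serialized; the attribute is then omitted.`). A serialization failure is likewise logged and turned into null, so the relying party silently receives an assertion without the attribute — consider rethrowing as PVP2Exception so the failure is visible to the caller. The `ParepValidator` and `AttributeExtractor` imports are unused. Since this attribute carries the complete mandate document, which presumably contains personal data of both parties, it should only be released to applications explicitly entitled to it — assuming per-application attribute filtering happens in the caller, as it is not visible here.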
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java @@ -3,11 +3,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;  import org.opensaml.saml2.core.Attribute;  import org.w3c.dom.Element; -import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;  public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder { @@ -21,14 +21,17 @@ public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder {  			if(mandate == null) {  				throw new NoMandateDataAvailableException();  			} -			Mandate mandateObject = MandateBuilder.buildMandate(mandate); -			if(mandateObject == null) { -				throw new NoMandateDataAvailableException(); +			 +			String text = AttributeExtractor.extractSAMLAttributeOA( +					ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION,   +					authSession); +			 +			if(text == null) { +				return null;  			} -			//TODO: extract PROF REP DESCRIPTION  			return buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,  -					MANDATE_PROF_REP_DESC_NAME, "TODO"); +					MANDATE_PROF_REP_DESC_NAME, text);  		}  		return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java index 9f655761b..ddc7f6671 100644 
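Review bot: The new `if(text == null) { return null; }` turns a mandate that lacks the expected extended attribute into an empty result, while the `mandate == null` check three lines above still throws NoMandateDataAvailableException; the same inconsistency is in MandateProfRepOIDAttributeBuilder (`if(oid == null) { return null; }`). If the attribute is optional, document it on `build` (`Returns null when the mandate carries no textual description.`), otherwise throw NoMandateDataAvailableException here as well. The added `extractSAMLAttributeOA(` argument lines also carry trailing whitespace. The enclosing `build` method starts outside the hunk.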
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java @@ -3,11 +3,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;  import org.opensaml.saml2.core.Attribute;  import org.w3c.dom.Element; -import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;  public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder { @@ -21,14 +21,17 @@ public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder {  			if(mandate == null) {  				throw new NoMandateDataAvailableException();  			} -			Mandate mandateObject = MandateBuilder.buildMandate(mandate); -			if(mandateObject == null) { -				throw new NoMandateDataAvailableException(); +			 +			String oid = AttributeExtractor.extractSAMLAttributeOA( +					ParepValidator.EXT_SAML_MANDATE_OID,   +					authSession); +			 +			if(oid == null) { +				return null;  			} -			//TODO: extract PROF REP OID  			return buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME,  -					MANDATE_PROF_REP_OID_NAME, "TODO"); +					MANDATE_PROF_REP_OID_NAME, oid);  		}  		return null; @@ -40,3 +43,4 @@ public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder {  				MANDATE_PROF_REP_OID_NAME);  	}  } + 
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java new file mode 100644 index 000000000..61c41d82b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class RequestDeniedException extends PVP2Exception { + +	public RequestDeniedException() { +		super("pvp2.14", null); +		this.statusCodeValue = StatusCode.REQUEST_DENIED_URI; +	} + +	/** +	 *  +	 */ +	private static final long serialVersionUID = 4415896615794730553L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java index 3d2bd33b0..c18296383 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java 
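Review bot: The `/** */` block above `serialVersionUID` is an empty Javadoc comment; delete it and move the field to the top of the class where it is conventionally placed. The constructor sets the inherited `statusCodeValue`, so a one-line class Javadoc such as `Signals a refused SAML request; maps to StatusCode.REQUEST_DENIED_URI and message key pvp2.14.` would tell readers how this subclass differs from the other PVP2Exception types.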
@@ -8,9 +8,13 @@ import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry  import org.opensaml.saml2.core.ArtifactResolve;  import org.opensaml.saml2.core.ArtifactResponse; +import at.gv.egovernment.moa.id.MOAIDException;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException;  import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger;  public class ArtifactResolution implements IRequestHandler { 
@@ -19,24 +23,33 @@ public class ArtifactResolution implements IRequestHandler {  	}  	public void process(MOARequest obj, HttpServletRequest req, -			HttpServletResponse resp) { -		if(!handleObject(obj)) { -			// TODO: throw exception -			return; +			HttpServletResponse resp) throws MOAIDException { +		if (!handleObject(obj)) { +			throw new MOAIDException("pvp2.13", null);  		} -		 -		ArtifactResolve artifactResolve = (ArtifactResolve)obj.getSamlRequest(); + +		ArtifactResolve artifactResolve = (ArtifactResolve) obj +				.getSamlRequest();  		String artifactID = artifactResolve.getArtifact().getArtifact(); -		 +  		PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance(); -		if(!pvpAssertion.contains(artifactID)) { -			// TODO: send not found ... + +		if (!pvpAssertion.contains(artifactID)) { +			throw new RequestDeniedException();  		} else { -			SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID); -			ArtifactResponse response = SAML2Utils.createSAMLObject(ArtifactResponse.class); -			response.setMessage(assertion.getSamlMessage()); -			response.setIssueInstant(new DateTime()); +			try { +				SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID); +				ArtifactResponse response = SAML2Utils +						.createSAMLObject(ArtifactResponse.class); +				response.setMessage(assertion.getSamlMessage()); +				response.setIssueInstant(new DateTime()); +				SoapBinding encoder = new SoapBinding(); +				encoder.encodeRespone(req, resp, response, null); +			} catch (Exception e) { +				Logger.error("Failed to resolve artifact", e); +			}  		} +  	}  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java index 29c960dd6..9121f7558 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java 
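Review bot: The resolved entry is never consumed and the requester is never matched against it, so any party that obtains an artifact value can resolve it repeatedly for as long as PVPAssertionStorage keeps it, although SAML 2.0 artifacts are single-use and meant to be resolvable only by the relying party they were issued to. After `pvpAssertion.get(artifactID)`, remove the entry from the storage (by whatever removal method it offers) and compare `assertion.getRelyingPartyId()` with `artifactResolve.getIssuer().getValue()`, throwing RequestDeniedException on mismatch — this assumes the ArtifactResolve's signature has already been verified before `process` is reached, which is not visible here. The `catch (Exception e)` only logs, so an encoding failure produces no SAML error for the SOAP client even though `process` now declares MOAIDException; rethrow after the log call, e.g. `throw new MOAIDException("pvp2.13", null);`, keeping `e` as the cause if the constructor allows. The `contains`/`get` pair could also collapse into a single `get` with a null check, which avoids reading the storage twice.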
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java @@ -27,6 +27,7 @@ public class RequestManager {  	private RequestManager() {  		handler = new ArrayList<IRequestHandler>();  		handler.add(new AuthnRequestHandler()); +		handler.add(new ArtifactResolution());  	}  	public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp)  diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java new file mode 100644 index 000000000..a59fc17c5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java 
@@ -0,0 +1,66 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.util.Iterator; +import java.util.List; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; + +public class AttributeExtractor { +	 +	public static String extractSAMLAttributeOA(String name,  +			AuthenticationSession authSession) { +		List extAttributes = authSession.getExtendedSAMLAttributesOA(); +		if(extAttributes == null) { +			return null; +		} +		Iterator extAttributesIt = extAttributes.iterator(); +		String value = null; +		while(extAttributesIt.hasNext()) { +			Object attr = extAttributesIt.next(); +			if(attr instanceof ExtendedSAMLAttribute) { +				ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr; +				if(extAttribute.getName().equals(name)) { +					if(extAttribute.getValue() instanceof String) { +						return extAttribute.getValue().toString(); +					} +					break; +				} +			} +		} +		return null; +	} +	 +	public static String extractSAMLAttributeAUTH(String name,  +			AuthenticationSession authSession) { +		List extAttributes = authSession.getExtendedSAMLAttributesAUTH(); +		if(extAttributes == null) { +			return null; +		} +		Iterator extAttributesIt = extAttributes.iterator(); +		String value = null; +		while(extAttributesIt.hasNext()) { +			Object attr = extAttributesIt.next(); +			if(attr instanceof ExtendedSAMLAttribute) { +				ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr; +				if(extAttribute.getName().equals(name)) { +					if(extAttribute.getValue() instanceof String) { +						return extAttribute.getValue().toString(); +					} +					break; +				} +			} +		} +		return null; +	} +	 +	public static String extractSAMLAttributeBOTH(String name,  +			AuthenticationSession authSession) { +		String value = extractSAMLAttributeOA(name, authSession); +		if(value == null) { +			
value = extractSAMLAttributeAUTH(name, authSession); +		} +		return value; +	} +} diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index aa0418e77..369cbd5b6 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -199,4 +199,5 @@ pvp2.09=SAML Anfrage wird nicht unterstuetzt  pvp2.10=Attribut {0} nicht verfuegbar
  pvp2.11=Binding {0} wird nicht unterstuetzt
  pvp2.12=NameID Format {0} wird nicht unterstuetzt
 -pvp2.13=Interner Server Fehler
\ No newline at end of file
+pvp2.13=Interner Server Fehler
 +pvp2.14=SAML Anfrage verweigert
\ No newline at end of file | 
