Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/moa-id-lib.iml21
-rw-r--r--id/server/idserverlib/pom.xml28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java194
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java188
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java98
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java219
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java105
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java105
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java105
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java71
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java99
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java2
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties2
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html42
23 files changed, 799 insertions, 577 deletions
diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml
index 1c04295d7..d995f23af 100644
--- a/id/server/idserverlib/moa-id-lib.iml
+++ b/id/server/idserverlib/moa-id-lib.iml
@@ -43,20 +43,7 @@
<orderEntry type="library" name="Maven: commons-io:commons-io:2.2" level="project" />
<orderEntry type="library" name="Maven: eu.stork:oasis-dss-api:1.0.0-SNAPSHOT" level="project" />
<orderEntry type="library" scope="TEST" name="Maven: junit:junit:3.8.1" level="project" />
- <orderEntry type="library" name="Maven: com.sun.xml.ws:jaxws-rt:2.1.7" level="project" />
- <orderEntry type="library" name="Maven: javax.xml.ws:jaxws-api:2.1" level="project" />
- <orderEntry type="library" name="Maven: javax.xml.bind:jaxb-api:2.2.6" level="project" />
- <orderEntry type="library" name="Maven: com.sun.xml.bind:jaxb-impl:2.2.5" level="project" />
- <orderEntry type="library" name="Maven: com.sun.xml.messaging.saaj:saaj-impl:1.3.3" level="project" />
- <orderEntry type="library" name="Maven: javax.xml.soap:saaj-api:1.3" level="project" />
- <orderEntry type="library" name="Maven: javax.activation:activation:1.1" level="project" />
- <orderEntry type="library" name="Maven: com.sun.xml.stream.buffer:streambuffer:0.9" level="project" />
- <orderEntry type="library" name="Maven: org.jvnet.staxex:stax-ex:1.2" level="project" />
- <orderEntry type="library" name="Maven: javax.xml.stream:stax-api:1.0" level="project" />
- <orderEntry type="library" name="Maven: org.codehaus.woodstox:wstx-asl:3.2.3" level="project" />
- <orderEntry type="library" name="Maven: stax:stax-api:1.0.1" level="project" />
- <orderEntry type="library" name="Maven: com.sun.org.apache.xml.internal:resolver:20050927" level="project" />
- <orderEntry type="library" name="Maven: org.jvnet:mimepull:1.3" level="project" />
+ <orderEntry type="library" name="Maven: eu.medsea.mimeutil:mime-util:2.1.3" level="project" />
<orderEntry type="module" module-name="moa-id-commons" />
<orderEntry type="library" name="Maven: org.hibernate:hibernate-core:4.2.1.Final" level="project" />
<orderEntry type="library" name="Maven: antlr:antlr:2.7.7" level="project" />
@@ -88,12 +75,12 @@
<orderEntry type="library" name="Maven: org.jvnet.hyperjaxb3:hyperjaxb3-ejb-roundtrip:0.5.6" level="project" />
<orderEntry type="library" name="Maven: org.jvnet.jaxb2_commons:jaxb2-basics-testing:0.6.2" level="project" />
<orderEntry type="library" name="Maven: xmlunit:xmlunit:1.0" level="project" />
- <orderEntry type="library" name="Maven: org.slf4j:slf4j-log4j12:1.6.1" level="project" />
<orderEntry type="library" name="Maven: org.jvnet.hyperjaxb3:hyperjaxb3-ejb-schemas-persistence:0.5.6" level="project" />
<orderEntry type="library" name="Maven: org.jvnet.hyperjaxb3:hyperjaxb3-ejb-schemas-customizations:0.5.6" level="project" />
<orderEntry type="library" name="Maven: org.springframework:spring:2.0.7" level="project" />
<orderEntry type="library" name="Maven: org.jvnet.jaxb2.maven2:maven-jaxb2-plugin:0.8.0" level="project" />
<orderEntry type="library" name="Maven: org.jvnet.jaxb2.maven2:maven-jaxb2-plugin-core:0.8.0" level="project" />
+ <orderEntry type="library" name="Maven: com.sun.org.apache.xml.internal:resolver:20050927" level="project" />
<orderEntry type="library" name="Maven: org.apache.maven:maven-plugin-api:2.2.1" level="project" />
<orderEntry type="library" name="Maven: org.apache.maven:maven-project:2.2.1" level="project" />
<orderEntry type="library" name="Maven: org.apache.maven:maven-settings:2.2.1" level="project" />
@@ -111,6 +98,7 @@
<orderEntry type="library" name="Maven: org.apache.maven:maven-plugin-registry:2.2.1" level="project" />
<orderEntry type="library" name="Maven: org.jfrog.maven.annomojo:maven-plugin-anno:1.3.1" level="project" />
<orderEntry type="library" name="Maven: org.jvnet.jaxb2.maven2:maven-jaxb22-plugin:0.8.0" level="project" />
+ <orderEntry type="library" name="Maven: com.sun.xml.bind:jaxb-impl:2.2.5" level="project" />
<orderEntry type="library" name="Maven: com.sun.xml.bind:jaxb-xjc:2.2.4-1" level="project" />
<orderEntry type="library" name="Maven: mysql:mysql-connector-java:5.1.25" level="project" />
<orderEntry type="module" module-name="moa-common" scope="TEST" production-on-test="" />
@@ -120,6 +108,7 @@
<orderEntry type="library" name="Maven: org.apache.axis:axis-saaj:1.4" level="project" />
<orderEntry type="library" name="Maven: axis:axis-wsdl4j:1.5.1" level="project" />
<orderEntry type="library" name="Maven: commons-discovery:commons-discovery:0.2" level="project" />
+ <orderEntry type="library" name="Maven: javax.activation:activation:1.1" level="project" />
<orderEntry type="library" name="Maven: javax.mail:mail:1.4" level="project" />
<orderEntry type="library" scope="RUNTIME" name="Maven: postgresql:postgresql:7.2" level="project" />
<orderEntry type="library" scope="PROVIDED" name="Maven: javax.servlet:servlet-api:2.4" level="project" />
@@ -145,6 +134,8 @@
<orderEntry type="library" name="Maven: iaik:iaik_ssl:4.4" level="project" />
<orderEntry type="library" name="Maven: iaik:w3c_http:1.0" level="project" />
<orderEntry type="library" name="Maven: org.xerial:sqlite-jdbc:3.7.8-SNAPSHOT" level="project" />
+ <orderEntry type="library" name="Maven: stax:stax-api:1.0.1" level="project" />
+ <orderEntry type="library" name="Maven: javax.xml.bind:jaxb-api:2.2.6" level="project" />
<orderEntry type="library" name="Maven: iaik.prod:iaik_util:0.23" level="project" />
<orderEntry type="library" name="Maven: iaik.prod:iaik_xsect:1.1709142" level="project" />
<orderEntry type="library" name="Maven: iaik.prod:iaik_jsse:4.4" level="project" />
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index cca543a26..82a42cb8c 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -151,7 +151,33 @@
<!-- should be in the ext directory of the jre -->
<scope>provided</scope>
</dependency>
-
+
+
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ <version>1.7.5</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-simple</artifactId>
+ <version>1.7.5</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ <version>1.7.5</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ <version>1.7.5</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jul-to-slf4j</artifactId>
+ <version>1.7.5</version>
+ </dependency>
<dependency>
<groupId>junit</groupId>
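Review bot: `slf4j-simple` is a concrete SLF4J binding rather than an API, and declaring it in this library module forces console logging onto every application that depends on moa-id-lib; a library conventionally depends on `slf4j-api` only and leaves the choice of binding to the deploying web application. The bridges `jcl-over-slf4j`, `log4j-over-slf4j` and `jul-to-slf4j` route the other frameworks into SLF4J, and `log4j-over-slf4j` must not coexist with an `slf4j-log4j12` binding on the runtime classpath (the module-file hunk removes that binding from the IDE project; confirm the Maven dependency tree no longer pulls it in transitively). The five entries repeat `1.7.5`; a `<slf4j.version>` property would keep them aligned on the next upgrade.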
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index ce5aa15c3..6f6d9611a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -125,7 +125,7 @@ import at.gv.util.xsd.srzgw.MISType;
import at.gv.util.xsd.srzgw.MISType.Filters;
import eu.stork.oasisdss.api.AdditionalProfiles;
import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.api.ApiUtilsException;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
import eu.stork.oasisdss.api.Profiles;
import eu.stork.oasisdss.api.QualityLevels;
import eu.stork.oasisdss.api.SignatureTypes;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index bd87737ed..226d05520 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -2,19 +2,19 @@
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
+ *
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
@@ -46,91 +46,141 @@
package at.gv.egovernment.moa.id.auth.builder;
-import java.security.MessageDigest;
-
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
+import java.security.MessageDigest;
+
/**
* Builder for the bPK, as defined in
* <code>&quot;Ableitung f&uml;r die bereichsspezifische Personenkennzeichnung&quot;</code>
* version <code>1.0.1</code> from <code>&quot;reference.e-government.gv.at&quot;</code>.
- *
+ *
* @author Paul Schamberger
* @version $Id$
*/
public class BPKBuilder {
- /**
- * Builds the bPK from the given parameters.
- * @param identificationValue Base64 encoded "Stammzahl"
- * @param target "Bereich lt. Verordnung des BKA"
- * @return bPK in a BASE64 encoding
- * @throws BuildException if an error occurs on building the bPK
- */
- public String buildBPK(String identificationValue, String target)
- throws BuildException {
-
- if ((identificationValue == null ||
- identificationValue.length() == 0 ||
- target == null ||
- target.length() == 0))
- {
- throw new BuildException("builder.00",
- new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" +
- identificationValue + ",target=" + target});
+ /**
+ * Builds the bPK from the given parameters.
+ *
+ * @param identificationValue Base64 encoded "Stammzahl"
+ * @param target "Bereich lt. Verordnung des BKA"
+ * @return bPK in a BASE64 encoding
+ * @throws BuildException if an error occurs on building the bPK
+ */
+ public String buildBPK(String identificationValue, String target)
+ throws BuildException {
+
+ if ((identificationValue == null ||
+ identificationValue.length() == 0 ||
+ target == null ||
+ target.length() == 0)) {
+ throw new BuildException("builder.00",
+ new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" +
+ identificationValue + ",target=" + target});
+ }
+ String basisbegriff;
+ if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
+ basisbegriff = identificationValue + "+" + target;
+ else
+ basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
+
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+ byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
+ String hashBase64 = Base64Utils.encode(hash);
+ return hashBase64;
+ } catch (Exception ex) {
+ throw new BuildException("builder.00", new Object[]{"bPK", ex.toString()}, ex);
+ }
}
- String basisbegriff;
- if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
- basisbegriff = identificationValue + "+" + target;
- else
- basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
-
- try {
- MessageDigest md = MessageDigest.getInstance("SHA-1");
- byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
- String hashBase64 = Base64Utils.encode(hash);
- return hashBase64;
- } catch (Exception ex) {
- throw new BuildException("builder.00", new Object[] {"bPK", ex.toString()}, ex);
+
+ /**
+ * Builds the wbPK from the given parameters.
+ *
+ * @param identificationValue Base64 encoded "Stammzahl"
+ * @param registerAndOrdNr type of register + "+" + number in register.
+ * @return wbPK in a BASE64 encoding
+ * @throws BuildException if an error occurs on building the wbPK
+ */
+ public String buildWBPK(String identificationValue, String registerAndOrdNr)
+ throws BuildException {
+
+ if ((identificationValue == null ||
+ identificationValue.length() == 0 ||
+ registerAndOrdNr == null ||
+ registerAndOrdNr.length() == 0)) {
+ throw new BuildException("builder.00",
+ new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" +
+ identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
+ }
+
+ String basisbegriff;
+ if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+"))
+ basisbegriff = identificationValue + "+" + registerAndOrdNr;
+ else
+ basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
+
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+ byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
+ String hashBase64 = Base64Utils.encode(hash);
+ return hashBase64;
+ } catch (Exception ex) {
+ throw new BuildException("builder.00", new Object[]{"wbPK", ex.toString()}, ex);
+ }
}
- }
-
- /**
- * Builds the wbPK from the given parameters.
- * @param identificationValue Base64 encoded "Stammzahl"
- * @param registerAndOrdNr type of register + "+" + number in register.
- * @return wbPK in a BASE64 encoding
- * @throws BuildException if an error occurs on building the wbPK
- */
- public String buildWBPK(String identificationValue, String registerAndOrdNr)
- throws BuildException {
-
- if ((identificationValue == null ||
- identificationValue.length() == 0 ||
- registerAndOrdNr == null ||
- registerAndOrdNr.length() == 0))
- {
- throw new BuildException("builder.00",
- new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" +
- identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
+
+ /**
+ * Builds the storkeid from the given parameters.
+ *
+ * @param identificationValue Base64 encoded "Stammzahl"
+ * @param destinationCountry destination country code (2 chars)
+ * @return storkid in a BASE64 encoding
+ * @throws BuildException if an error occurs on building the wbPK
+ */
+ public String buildStorkbPK(String identificationValue, String destinationCountry)
+ throws BuildException {
+ return buildStorkbPK(identificationValue, "AT", destinationCountry);
}
-
- String basisbegriff;
- if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+" ))
- basisbegriff = identificationValue + "+" + registerAndOrdNr;
- else
- basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
-
- try {
- MessageDigest md = MessageDigest.getInstance("SHA-1");
- byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
- String hashBase64 = Base64Utils.encode(hash);
- return hashBase64;
- } catch (Exception ex) {
- throw new BuildException("builder.00", new Object[] {"wbPK", ex.toString()}, ex);
+
+
+ /**
+ * Builds the storkeid from the given parameters.
+ *
+ * @param identificationValue Base64 encoded "Stammzahl"
+ * @param sourceCountry source country code (2 chars)
+ * @param destinationCountry destination country code (2 chars)
+ * @return storkid in a BASE64 encoding
+ * @throws BuildException if an error occurs on building the wbPK
+ */
+ public String buildStorkbPK(String identificationValue, String sourceCountry, String destinationCountry)
+ throws BuildException {
+
+ if ((identificationValue == null ||
+ identificationValue.length() == 0 ||
+ destinationCountry == null ||
+ destinationCountry.length() == 0 ||
+ sourceCountry == null ||
+ sourceCountry.length() == 0)) {
+ throw new BuildException("builder.00",
+ new Object[]{"storkid", "Unvollständige Parameterangaben: identificationValue=" +
+ identificationValue + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry});
+ }
+
+ String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry;
+
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+ byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
+ String hashBase64 = Base64Utils.encode(hash);
+ return hashBase64;
+ } catch (Exception ex) {
+ throw new BuildException("builder.00", new Object[]{"storkid", ex.toString()}, ex);
+ }
}
- }
+
}
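Review bot: The new three-argument buildStorkbPK repeats the same SHA-1/Base64 block for the third time in this class, differing from buildBPK and buildWBPK only in the label passed to BuildException; a private helper that hashes the basisbegriff and wraps the failure would leave each builder with just its validation and concatenation. The Javadoc of both buildStorkbPK overloads was pasted from buildWBPK and still reads `@throws BuildException if an error occurs on building the wbPK`; it should say storkid. The two-argument overload fixes the source country with the bare literal "AT", which deserves a named constant or a comment stating that the derivation is always performed from the Austrian side.
```java
    /**
     * Hashes basisbegriff with SHA-1 and returns the BASE64 encoded digest.
     *
     * @param basisbegriff the concatenated input string to hash
     * @param kind label used in the BuildException ("bPK", "wbPK" or "storkid")
     * @throws BuildException if the digest or encoding fails
     */
    private String hashAndEncode(String basisbegriff, String kind) throws BuildException {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-1");
            byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
            return Base64Utils.encode(hash);
        } catch (Exception ex) {
            throw new BuildException("builder.00", new Object[]{kind, ex.toString()}, ex);
        }
    }

    // … unchanged: buildStorkbPK parameter validation and basisbegriff construction …
        return hashAndEncode(basisbegriff, "storkid");
```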
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index d655dc7f2..4dec2c32e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -68,6 +68,12 @@ public class STORKConfig {
//List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = new ArrayList<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS>(); // TODO Change this
+ try {
+ cpeps = stork.getCPEPS();
+ } catch (NullPointerException ex) {
+ Logger.error("CPEPS not configured!");
+ }
+
cpepsMap = new HashMap<String, CPEPS>();
if (cpeps != null) {
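Review bot: Catching NullPointerException around `stork.getCPEPS()` uses an exception as a null check and will also swallow an NPE raised inside getCPEPS for an unrelated reason; if the intent is to handle a missing STORK section, test for it explicitly, e.g. `if (stork != null) cpeps = stork.getCPEPS(); else Logger.error("CPEPS not configured!");` (assuming `stork` is the reference that can be null — confirm). The `// TODO Change this` on the preceding line no longer matches the code now that the list is filled from the configuration and should be removed or updated. The enclosing method starts outside the hunk.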
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 3af8bcfe5..647c8bb39 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -491,7 +491,7 @@ public class DispatcherServlet extends AuthServlet{
}
} catch (Throwable e) {
- Logger.info("An authentication error occous: " + e.getMessage());;
+ Logger.info("An authentication error occured: " + e.getMessage());;
// Try handle module specific, if not possible rethrow
if (!info.generateErrorMessage(e, req, resp, protocolRequest)) {
throw e;
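Review bot: The corrected log line still ends in `;;` and the message is still misspelled (`occured`); `Logger.info("An authentication error occurred: " + e.getMessage());` fixes both. Since this catch handles any Throwable, logging only `getMessage()` at info level drops the stack trace needed to diagnose the failure; consider logging the exception object itself at warn level here, unless the module-specific handler on the next line already does so (confirm before duplicating). The enclosing method starts outside the hunk.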
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
index 65634bed3..b6fe20a61 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
@@ -2,19 +2,19 @@
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
+ *
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
@@ -46,98 +46,120 @@
package at.gv.egovernment.moa.id.iaik.config;
-import java.io.File;
-
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.logging.Logger;
import iaik.pki.store.certstore.CertStoreConfiguration;
import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.certstore.CertStoreTypes;
import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
+import java.io.File;
+
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
+ *
* @author Paul Ivancsics
* @version $Id$
*/
-public class CertStoreConfigurationImpl extends ObservableImpl
- implements CertStoreConfiguration, DirectoryCertStoreParameters {
- /** identifies the rootDirectory */
- private String rootDirectory;
- /** ConfigurationProvider */
- private ConfigurationProvider conf;
- /** Array for storing all CertStoreParameters */
- private CertStoreParameters[] parameters;
-
- /**
- * Create a new <code>CertStoreConfigurationImpl</code>.
- *
- * @param conf The MOA configuration from which the configuration data is
- * @throws ConfigurationException an any config-error
- * being read.
- */
- public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
- this.conf=conf;
-
- String certStoreRootDirParam = conf.getCertstoreDirectory();
-
- if (certStoreRootDirParam == null)
- throw new ConfigurationException(
- "config.08", new Object[] {"CertStoreDirectory"});
-
- rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
- if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6);
- File f = new File(rootDirectory);
- if (!f.isDirectory())
- throw new ConfigurationException(
- "config.05", new Object[] {"CertStoreDirectory"});
-
- parameters = new CertStoreParameters[] { this };
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
- */
- public CertStoreParameters[] getParameters() {
- return parameters;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
- */
- public String getRootDirectory() {
- return rootDirectory;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
- */
- public boolean createNew() {
- return false;
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#getId()
- */
- public String getId() {
- return "MOA ID Directory CertStore";
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
- */
- public boolean isReadOnly() {
- return false;
- }
-
- /**
- * @return <code>CertStoreTypes.DIRECTORY</code>
- * @see iaik.pki.store.certstore.CertStoreParameters#getType()
- */
- public String getType() {
- return CertStoreTypes.DIRECTORY;
- }
+public class CertStoreConfigurationImpl extends ObservableImpl
+ implements CertStoreConfiguration, DirectoryCertStoreParameters {
+ /**
+ * identifies the rootDirectory
+ */
+ private String rootDirectory;
+ /**
+ * ConfigurationProvider
+ */
+ private ConfigurationProvider conf;
+ /**
+ * Array for storing all CertStoreParameters
+ */
+ private CertStoreParameters[] parameters;
+
+ /**
+ * Create a new <code>CertStoreConfigurationImpl</code>.
+ *
+ * @param conf The MOA configuration from which the configuration data is
+ * @throws ConfigurationException an any config-error
+ * being read.
+ */
+ public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
+ this.conf = conf;
+
+ String certStoreRootDirParam = conf.getCertstoreDirectory();
+
+ if (certStoreRootDirParam == null)
+ throw new ConfigurationException(
+ "config.08", new Object[]{"CertStoreDirectory"});
+
+ //rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
+ rootDirectory = certStoreRootDirParam;
+ Logger.error("Using file: " + rootDirectory);
+ if (rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(5);
+ Logger.error("Using file2: " + rootDirectory);
+
+ File f = new File(rootDirectory);
+ //Logger.error("Using file: " + certStoreRootDirParam + " param: " + conf.getRootConfigFileDir());
+
+ if (!f.exists()) {
+ Logger.error("File does not exists: " + f.getAbsolutePath());
+ throw new ConfigurationException(
+ "config.05", new Object[]{"CertStoreDirectory"});
+ }
+
+ if (!f.isDirectory()) {
+ Logger.error("File is not a directory: " + f.getAbsolutePath());
+ throw new ConfigurationException(
+ "config.05", new Object[]{"CertStoreDirectory"});
+ }
+
+
+ parameters = new CertStoreParameters[]{this};
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
+ */
+ public CertStoreParameters[] getParameters() {
+ return parameters;
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
+ */
+ public String getRootDirectory() {
+ return rootDirectory;
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
+ */
+ public boolean createNew() {
+ return false;
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.CertStoreParameters#getId()
+ */
+ public String getId() {
+ return "MOA ID Directory CertStore";
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
+ */
+ public boolean isReadOnly() {
+ return false;
+ }
+
+ /**
+ * @return <code>CertStoreTypes.DIRECTORY</code>
+ * @see iaik.pki.store.certstore.CertStoreParameters#getType()
+ */
+ public String getType() {
+ return CertStoreTypes.DIRECTORY;
+ }
}
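Review bot: The constructor now takes the configured CertStoreDirectory verbatim instead of resolving it against `conf.getRootConfigFileDir()` (the former `FileUtils.makeAbsoluteURL` call is left commented out), so a relative directory is now resolved against the JVM working directory; because this directory is the certificate store the PKI module trusts, a deployment with a relative path would silently use a different store depending on where the container was started. Either restore the resolution against the configuration root or state in the constructor Javadoc that only absolute paths, optionally with a `file:` prefix, are accepted. The two `Logger.error("Using file: ...")` and `"Using file2: ..."` calls are trace output on the success path and should become a single `Logger.debug("Using CertStoreDirectory: " + rootDirectory);` — error-level entries on every start make real failures harder to spot. The `conf` field is assigned but never read and the commented-out debug line after `new File(rootDirectory)` can go as well.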
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
index 6fba91fde..d92b0b72f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
@@ -52,4 +52,5 @@ public interface AttributeProvider {
*/
public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException;
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
index 23edf69f9..953758dc3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
@@ -1,59 +1,61 @@
package at.gv.egovernment.moa.id.protocols.stork2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+
import java.util.ArrayList;
import java.util.List;
-import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
-
/**
* A factory for creating AttributeProvider objects.
*/
public class AttributeProviderFactory {
- /**
- * Gets the available plugins.
- *
- * @return the available plugins
- */
- public static List<String> getAvailablePlugins() {
- List<String> result = new ArrayList<String>();
- result.add("StorkAttributeRequestProvider");
- result.add("EHvdAttributeProvider");
-
- return result;
- }
-
- /**
- * Creates an AttributeProvider object for the given shortname. Returns
- * {@code null} if there is no such provider available.
- *
- * @param shortname
- * the simpleName for the providers class
- * @return the attribute provider
- */
- public static AttributeProvider create(String shortname, String url) {
- if (shortname.equals("StorkAttributeRequestProvider")) {
- return new StorkAttributeRequestProvider(url);
- } else if(shortname.equals("EHvdAttributeProvider")) {
- return new EHvdAttributeProviderPlugin(url);
- } else {
- return null;
- }
- }
-
- /**
- * Gets fresh instances of the configured plugins.
- *
- * @param configuredAPs the configured a ps
- * @return the configured plugins
- */
- public static List<AttributeProvider> getConfiguredPlugins(
- List<AttributeProviderPlugin> configuredAPs) {
-
- List<AttributeProvider> result = new ArrayList<AttributeProvider>();
- for(AttributeProviderPlugin current : configuredAPs)
- result.add(create(current.getName(), current.getUrl()));
-
- return result;
- }
+ /**
+ * Gets the available plugins.
+ *
+ * @return the available plugins
+ */
+ public static List<String> getAvailablePlugins() {
+ List<String> result = new ArrayList<String>();
+ result.add("StorkAttributeRequestProvider");
+ result.add("EHvdAttributeProvider");
+ result.add("MISAttributeProvider");
+
+ return result;
+ }
+
+ /**
+ * Creates an AttributeProvider object for the given shortname. Returns
+ * {@code null} if there is no such provider available.
+ *
+ * @param shortname the simpleName for the providers class
+ * @return the attribute provider
+ */
+ public static AttributeProvider create(String shortname, String url) {
+ if (shortname.equals("StorkAttributeRequestProvider")) {
+ return new StorkAttributeRequestProvider(url);
+ } else if (shortname.equals("EHvdAttributeProvider")) {
+ return new EHvdAttributeProviderPlugin(url);
+ } else if (shortname.equals("MISAttributeProvider")) {
+ return new MISAttributeProvider(url);
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Gets fresh instances of the configured plugins.
+ *
+ * @param configuredAPs the configured a ps
+ * @return the configured plugins
+ */
+ public static List<AttributeProvider> getConfiguredPlugins(
+ List<AttributeProviderPlugin> configuredAPs) {
+
+ List<AttributeProvider> result = new ArrayList<AttributeProvider>();
+ for (AttributeProviderPlugin current : configuredAPs)
+ result.add(create(current.getName(), current.getUrl()));
+
+ return result;
+ }
}
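Review bot: getConfiguredPlugins still adds the result of `create()` to the list without checking it, so a configured plugin name that is not one of the three known shortnames (a typo in the configuration, for instance) produces a null entry that is likely to fail with a NullPointerException wherever the list is iterated; fail fast or skip it: `AttributeProvider provider = create(current.getName(), current.getUrl());` / `if (provider == null) throw new IllegalArgumentException("unknown attribute provider: " + current.getName());` / `result.add(provider);`. The set of known names is now maintained twice, in getAvailablePlugins and in the if/else chain of create; a single map from shortname to factory (with getAvailablePlugins derived from its key set) would keep the two from drifting apart as further providers are added.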
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 1f6ffaa9a..18d0b479e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -1,161 +1,168 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
-import org.apache.velocity.VelocityContext;
+import eu.stork.peps.auth.commons.*;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
-import org.opensaml.xml.util.Base64;
-import org.opensaml.xml.util.XMLHelper;
-import javax.servlet.ServletOutputStream;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-import java.io.Writer;
-import java.util.HashMap;
-import eu.stork.peps.auth.engine.SAMLEngine;
+
/**
+ * Second request step - after authentication of the user is done and moasession obtained,
+ * process request and forward the user further to PEPS and/or other entities
+ *
* @author bsuzic
- * Date: 12/3/13, Time: 2:08 PM
*/
public class AuthenticationRequest implements IAction {
- /*
- Second request step - after authentication of the user is done and moasession obtained,
- process request and forward the user further to PEPS and/or other entities
- */
private VelocityEngine velocityEngine;
+ private AuthenticationSession moaSession = null;
+ private MOASTORKRequest moaStorkRequest = null;
public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
- Logger.debug("Starting AuthenticationRequest");
- //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession);
- Logger.debug("Http Response: " + httpResp.toString() + ", ");
- Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget());
- httpResp.reset();
- //httpResp.addHeader("Location", "http:/www.google.com");
- if (req instanceof STORKAuthnRequestDEL) {
- /*
- Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel());
- StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest());
-
- HttpSession httpSession = httpReq.getSession();
- httpSession.setAttribute("STORKSessionID", "12345");
- httpResp.setStatus(startAuthResponse.getHttpStatusCode());
- try {
- ServletOutputStream os = httpResp.getOutputStream();
- String html = new String(startAuthResponse.getContent());
-
-
- if (html.contains("<![CDATA[")) {
- Logger.info("-------- content contains <![CDATA[-----------------");
- Logger.info("-------- content contains html -----------------");
- Logger.info("HTML : " + html);
- int beginIndex = html.indexOf("<![CDATA[");
- int endIndex = html.indexOf("]]>");
- html = html.substring(beginIndex + 9, endIndex);
- startAuthResponse.setContent(html.getBytes());
- }
- Logger.info("HTML : " + html);
- os.write(startAuthResponse.getContent());
- Logger.info("Response sent to client");
- } catch (IOException e) {
- Logger.error("ERROR MOA");
- throw new MOAIDException("error response sending", new Object[]{});
- }
- //httpSession.setAttribute("CCC", ccc);
+ this.moaSession = moasession;
- */
- }
+ if (req instanceof MOASTORKRequest) {
+ this.moaStorkRequest = (MOASTORKRequest) req;
- //httpResp.setStatus(200);
- //VPEPSInboundPostHandler
-
- // create fresh container
- DataContainer container = new DataContainer();
-
- // - fill in the request we extracted above
- container.setRequest(request);
-
- // - fill in the partial response created above
- container.setResponse(response);
-
- // - memorize the target url were we have to return the result
- container.setTarget(target);
-
- // see if we need to fetch further attributes
- return (new AttributeCollector()).processRequest(container);
- }
+ Logger.debug("Entering MOASTORKRequest");
+ httpResp.reset();
- public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
- return true;
- }
+ // check if it is attribute query
+ if (moaStorkRequest.isAttrRequest()) {
+ Logger.debug("Starting AttrQueryRequest");
+ STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse();
+ IPersonalAttributeList personalAttributeList = moaStorkRequest.getStorkAttrQueryRequest().getPersonalAttributeList();
+
+ // TODO Check if this instance is eligible to fetch attributes locally, assuming yes
+
+ return (new AttributeCollector()).processRequest(req, httpReq, httpResp, moasession);
+
+ } else
+ // check if we have authentication request
+ if (moaStorkRequest.isAuthnRequest()) {
+ Logger.debug("Starting AuthenticationRequest");
+
+ STORKAuthnResponse authnResponse = new STORKAuthnResponse();
+ authnResponse.setCountry(moaStorkRequest.getStorkAuthnRequest().getSpCountry());
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+
+ // Get personal attributtes from MOA/IdentityLink
+ authnResponse.setPersonalAttributeList(populateAttributes());
+
+ // Prepare extended attributes
+ Logger.debug("Preparing data container");
+
+ // create fresh container
+ DataContainer container = new DataContainer();
+
+ // - fill in the request we extracted above
+ container.setRequest(moaStorkRequest.getStorkAuthnRequest());
+ // - fill in the partial response created above
+ container.setResponse(authnResponse);
- /*
+ // - memorize the target url were we have to return the result
+ container.setTarget(moaStorkRequest.getStorkAuthnRequest().getAssertionConsumerServiceURL());
- public StartAuthResponse getStartAuthResponse(STORKAuthnRequest authnRequest) {
+ container.setRemoteAddress(httpReq.getRemoteAddr());
- StartAuthResponse authResponse = new StartAuthResponse(500, null, new HashMap<String, String>());
- if (authnRequest.getSPID() != null) {
- Logger.debug("SP id: " + authnRequest.getSPID());
+ Logger.debug("Data container prepared");
+
+ return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);
+
+ }
} else {
- SpInstitution spInstitution = (SpInstitution)authnRequest.getExtensions().getUnknownXMLObjects(SpInstitution.DEFAULT_ELEMENT_NAME).get(0);
- Logger.debug("SP institution: " + spInstitution.getValue());
+ Logger.error("Could not recognize request.");
+ throw new MOAIDException("stork.15", null);
}
- Logger.debug("SPEPS issuer: " + authnRequest.getIssuer().getValue());
- Logger.debug("SPEPS Consumer URL: " + authnRequest.getAssertionConsumerServiceURL());
+ return null;
+ }
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ return true;
+ }
- try {
+ private void iterate(NamedNodeMap attributesList) {
+ for (int j = 0; j < attributesList.getLength(); j++) {
+ Logger.debug("--Attribute: "
+ + attributesList.item(j).getNodeName() + " = "
+ + attributesList.item(j).getNodeValue());
+ }
+ }
- initVelocityEngine();
- VelocityContext velocityContext = new VelocityContext();
- velocityContext.put("action", authnRequest.getDestination());
- if (authnRequest.getDOM() == null) {
- SAMLUtil.marshallMessage(authnRequest);
+ // does nothing
+ public void mandate(AuthenticationSession moasession) {
+
+ if (moasession.getUseMandate()) {
+ try {
+ MISMandate mandate = moasession.getMISMandate();
+ String owbpk = mandate.getOWbPK();
+ byte[] mand = mandate.getMandate();
+ String profprep = mandate.getProfRep();
+ //String textdesc = mandate.getTextualDescriptionOfOID();
+ Element mndt = moasession.getMandate();
+
+ iterate(mndt.getAttributes());
+ Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
+ } catch (Exception x) {
+ Logger.debug("There is no mandate used in transaction");
}
+ }
- String messageXML = XMLHelper.nodeToString(authnRequest.getDOM());
- String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES);
- velocityContext.put("SAMLRequest", encodedMessage);
- ByteArrayOutputStream outStream = new ByteArrayOutputStream();
- Writer out = new OutputStreamWriter(outStream, "UTF-8");
- velocityEngine.mergeTemplate("/templates/saml2-post-binding.vm", "UTF-8", velocityContext, out);
- out.flush();
- authResponse.setContent(outStream.toByteArray());
+ }
+
+ public PersonalAttributeList populateAttributes() {
- authResponse.addHeader("Content-Type", "text/html; charset=utf-8");
- authResponse.addHeader("Cache-Control", "no-cache");
- authResponse.setHttpStatusCode(200);
+ IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList();
+ Logger.info("Found " + attrLst.size() + " personal attributes in the request.");
+ // Define attribute list to be populated
+ PersonalAttributeList attributeList = new PersonalAttributeList();
+ MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest);
+
+ try {
+ for (PersonalAttribute personalAttribute : attrLst) {
+ Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());
+ moaAttributeProvider.populateAttribute(attributeList, personalAttribute);
+ }
} catch (Exception e) {
- Logger.error("ERROR");
+ Logger.error("Exception, attributes: " + e.getMessage());
}
+ Logger.debug("AUTHBLOCK " + moaSession.getAuthBlock());
+ Logger.debug("TARGET " + moaSession.getTarget() + " " + moaSession.getTargetFriendlyName());
+ Logger.debug("SESSION IDENTIFIER " + moaSession.getCcc() + " " + moaSession.getDomainIdentifier());
+ Logger.debug("AUTHBLOCKTOKKEN" + moaSession.getAuthBlockTokken());
- return authResponse;
+ return attributeList;
}
- */
-
public String getDefaultActionName() {
return STORKProtocol.AUTHENTICATIONREQUEST;
}
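Review bot: The attribute-query branch (L869–876) forwards the request to AttributeCollector without any check that the requesting party is allowed to query attributes for this session; the TODO on L874 acknowledges this, so either the eligibility check should land with this change or the branch should reject attribute queries until it exists, e.g. `throw new MOAIDException("stork.15", null);` as the unrecognised-request path already does. The debug logging at L955 and L989–992 writes the full Base64 mandate and the session's auth block token into the log; this is personal data and session credential material, so log only a length or identifier there. The `return null;` at L924 is reached when the MOASTORKRequest is neither an attribute nor an authentication request and hands a null action result back silently, whereas throwing would match the else branch at L919–920. In populateAttributes the `catch (Exception e)` at L985 logs and continues, so a partially populated list is returned to the caller as if complete; rethrowing as MOAIDException or marking the list as incomplete would be safer. The `mandate(...)` method (L943) is commented "does nothing", only logs, and is not called from this hunk; it should be removed or documented as a debugging aid.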
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java
index 669a9389b..9c0869d97 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java
@@ -20,7 +20,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
*/
- @Override
public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession)
throws UnsupportedAttributeException {
PersonalAttributeList requestedAttributes = new PersonalAttributeList(1);
@@ -31,7 +30,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
*/
- @Override
public IPersonalAttributeList parse(HttpServletRequest httpReq) {
// TODO Auto-generated method stub
return null;
@@ -40,7 +38,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
- @Override
public void performRedirect(String url, String citizenCountyCode,
HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) {
// we should not get here
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java
index 2f6b69075..26fc00406 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java
@@ -20,7 +20,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
*/
- @Override
public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession)
throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException {
throw new ExternalAttributeRequestRequiredException(this);
@@ -29,7 +28,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
*/
- @Override
public IPersonalAttributeList parse(HttpServletRequest httpReq) {
PersonalAttributeList requestedAttributes = new PersonalAttributeList(1);
requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList<String>(), ""));
@@ -39,7 +37,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
- @Override
public void performRedirect(String url, String citizenCountyCode,
HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) {
// we should not get here
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
index 4404af4e3..758b70f2d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
@@ -55,7 +55,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute)
*/
- @Override
public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession)
throws UnsupportedAttributeException,
ExternalAttributeRequestRequiredException, MOAIDException {
@@ -203,8 +202,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter)
*/
- @Override
- public void performRedirect(String url, String spCountyCode,
+ public void performRedirect(String url, String citizenCountyCode,
HttpServletRequest req, HttpServletResponse resp,
OAAuthParameter oaParam) throws MOAIDException {
// there is no redirect required
@@ -213,7 +211,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
*/
- @Override
public IPersonalAttributeList parse(HttpServletRequest httpReq)
throws UnsupportedAttributeException, MOAIDException {
// there is no redirect required, so we throw an exception when someone asks us to parse a response
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java
new file mode 100644
index 000000000..ec38db513
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java
@@ -0,0 +1,47 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Implements Attribute Provider for Mandates
+ */
+public class MISAttributeProvider implements AttributeProvider {
+
+ String url = null;
+
+ public MISAttributeProvider(String url) {
+ this.url = url;
+ }
+
+ public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
+ Logger.error("Entering MIS for attribute: " + attributes.getName());
+
+ if (attributes.getName().equals("residencePermit")) {
+ Logger.error("MIS EXCEPTION: " + attributes.getName());
+ //throw new ExternalAttributeRequestRequiredException(this);
+ }
+
+ return null; //
+ }
+
+ public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException {
+ Logger.error("Entering MIS redirect for attribute: " );
+
+ }
+
+ public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException {
+ return null; //
+ }
+
+ public String getName() {
+ return "MandateProvider";
+ }
+}
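Review bot: `acquire` (L1116) and `parse` (L1132) return null for every input, which callers iterating the result will not expect; until the provider is implemented they should throw `UnsupportedAttributeException` rather than return null. The entry-trace messages at L1117, L1120 and L1128 use `Logger.error` for what is debug-level tracing, and the L1128 message ends in "for attribute: " with nothing appended. `getName()` returns "MandateProvider" (L1137) while AttributeProviderFactory registers this class under "MISAttributeProvider" (L712, L729); if `getName()` is used anywhere to resolve a provider, these two names should agree. A one-line class comment such as `// Stub: mandate attributes are not yet retrieved from MIS; acquire/parse currently return nothing.` would make the state of this file explicit.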
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
new file mode 100644
index 000000000..d89fb8cb2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -0,0 +1,105 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author bsuzic
+ * Date: 2/19/14, Time: 4:42 PM
+ */
+public class MOAAttributeProvider {
+ private final IdentityLink identityLink;
+ private static final Map<String, String> storkAttributeSimpleMapping;
+ private static final Map<String, String> storkAttributeFunctionMapping;
+ private final MOASTORKRequest moastorkRequest;
+
+ static {
+ Map<String, String> tempSimpleMap = new HashMap<String, String>();
+ tempSimpleMap.put("givenName", "getGivenName");
+ tempSimpleMap.put("surname", "getFamilyName");
+ tempSimpleMap.put("dateOfBirth", "getDateOfBirth");
+ storkAttributeSimpleMapping = Collections.unmodifiableMap(tempSimpleMap);
+ Map<String, String> tempFunctionMap = new HashMap<String, String>();
+ tempFunctionMap.put("eIdentifier", "geteIdentifier");
+ storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap);
+ }
+
+ public MOAAttributeProvider(IdentityLink identityLink, MOASTORKRequest moastorkRequest) {
+ this.identityLink = identityLink;
+ this.moastorkRequest = moastorkRequest;
+ Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue());
+ }
+
+ public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) {
+ String storkAttribute = requestedAttribute.getName();
+
+ if (storkAttributeSimpleMapping.containsKey(storkAttribute)) {
+ Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]");
+ try {
+ Method method = identityLink.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute));
+ populateAttributeWithMethod(method, identityLink, attributeList, storkAttribute, requestedAttribute.isRequired());
+ } catch (NoSuchMethodException e) {
+ Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute);
+ e.printStackTrace();
+ }
+
+ } else if (storkAttributeFunctionMapping.containsKey(storkAttribute)) {
+
+ Logger.debug("Trying to get value for attribute using function mapping [" + storkAttribute + "]");
+ try {
+ Method method = this.getClass().getDeclaredMethod(storkAttributeFunctionMapping.get(storkAttribute));
+ populateAttributeWithMethod(method, this, attributeList, storkAttribute, requestedAttribute.isRequired());
+ } catch (NoSuchMethodException e) {
+ Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute);
+ e.printStackTrace();
+ }
+ } else {
+ Logger.debug("MOA method for extraction of attribute " + storkAttribute + " not defined.");
+ }
+ }
+
+ private String geteIdentifier() {
+ Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry());
+ try {
+ return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkRequest.getStorkAuthnRequest().getSpCountry());
+ } catch (BuildException be) {
+ Logger.error("Stork eid could not be constructed; " + be.getMessage());
+ return null; // TODO error
+ }
+ }
+
+
+ private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) {
+ try {
+ String attributeValue = method.invoke(object, new Class[]{}).toString();
+ PersonalAttribute newAttribute = new PersonalAttribute();
+ newAttribute.setName(storkAttribute);
+
+ newAttribute.setStatus("Available");
+ newAttribute.setIsRequired(isRequired);
+ Logger.debug("Got attribute value: " + attributeValue);
+ newAttribute.setValue(new ArrayList<String>(edu.emory.mathcs.backport.java.util.Collections.singletonList(attributeValue)));
+ attributeList.add(newAttribute);
+ } catch (InvocationTargetException e) {
+ Logger.error("Invocation target exception while getting attribute: " + storkAttribute);
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ Logger.error("Illegal access exception while getting attribute: " + storkAttribute);
+ e.printStackTrace();
+ }
+ }
+
+
+}
+
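Review bot: `populateAttributeWithMethod` (L1228) calls `.toString()` on the reflective return value at L1230, but `geteIdentifier` (L1217) returns null on BuildException, so a failed bPK build turns into a NullPointerException that neither catch clause at L1239/L1242 handles; guard it with `Object raw = method.invoke(object); if (raw == null) { Logger.error("No value for attribute: " + storkAttribute); return; } String attributeValue = raw.toString();`. Passing `new Class[]{}` as the invoke arguments works only because an empty array of any reference type is an empty `Object[]`; `method.invoke(object)` says what is meant. L1237 reaches for `edu.emory.mathcs.backport.java.util.Collections.singletonList` although `java.util.Collections` is already imported at L1158 and provides the same method. `getDeclaredMethod` on `identityLink.getClass()` (L1195) only finds methods declared directly on that class, so a getter inherited from a superclass would be reported as missing — worth confirming against IdentityLink, which is outside this diff. The `e.printStackTrace()` calls at L1199, L1210, L1241 and L1244 bypass the project's Logger; passing the exception to `Logger.error` keeps the trace in the configured log.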
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
new file mode 100644
index 000000000..39a6907c1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -0,0 +1,105 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+
+/**
+ * Implements MOA request and stores StorkAuthn/Attr-Request related data
+ *
+ * @author bsuzic
+ */
+
+public class MOASTORKRequest implements IRequest {
+ private String requestID;
+ private String target = null;
+ String module = null;
+ String action = null;
+ private STORKAuthnRequest storkAuthnRequest;
+ private STORKAttrQueryRequest storkAttrQueryRequest;
+ private boolean isAttrRequest = false;
+ private boolean isAuthnRequest = false;
+
+ public void setSTORKAuthnRequest(STORKAuthnRequest request) {
+ this.storkAuthnRequest = request;
+ if (request != null) {
+ isAuthnRequest = true;
+ }
+ }
+
+ public void setSTORKAttrRequest(STORKAttrQueryRequest request) {
+ this.storkAttrQueryRequest = request;
+ if (request != null) {
+ isAttrRequest = true;
+ }
+ }
+
+ public boolean isAttrRequest() {
+ return this.isAttrRequest;
+ }
+
+ public boolean isAuthnRequest() {
+ return this.isAuthnRequest;
+ }
+
+
+ public STORKAuthnRequest getStorkAuthnRequest() {
+ return this.storkAuthnRequest;
+ }
+
+ public STORKAttrQueryRequest getStorkAttrQueryRequest() {
+ return this.storkAttrQueryRequest;
+ }
+
+ public String getOAURL() { // TODO CHECK IT
+ if (isAuthnRequest)
+ return storkAuthnRequest.getAssertionConsumerServiceURL();
+ else if (isAttrRequest)
+ return storkAttrQueryRequest.getAssertionConsumerServiceURL();
+ else {
+ Logger.error("There is no authentication or attribute request contained in MOASTORKRequest.");
+ return null;
+ }
+ }
+
+ public boolean isPassiv() {
+ return false;
+ }
+
+ public boolean forceAuth() {
+ return false;
+ }
+
+ public boolean isSSOSupported() {
+ return false;
+ }
+
+ public String requestedModule() {
+ return this.module;
+ }
+
+ public String requestedAction() {
+ return action;
+ }
+
+ public void setModule(String module) {
+ this.module = module;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public String getTarget() {
+ return this.target;
+ }
+
+ public void setRequestID(String id) {
+ this.requestID = id;
+ }
+
+ public String getRequestID() {
+ return this.requestID;
+ }
+}
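Review bot: `getOAURL()` (L1311) returns the AssertionConsumerServiceURL taken from the inbound STORK request, i.e. a value supplied by the remote party, so whatever uses it as the online-application identifier must validate it against the configured online applications rather than trust it; the "TODO CHECK IT" comment should say this explicitly, e.g. `// ACS URL comes from the unauthenticated request; callers must match it against configured OAs before use`. `setSTORKAuthnRequest`/`setSTORKAttrRequest` (L1280, L1287) only ever set the flags to true, so passing null after a request was set leaves `isAuthnRequest` true and `getOAURL()` would dereference a null request at L1313; assign the flag from the argument instead, `isAuthnRequest = (request != null);`. `target` is never assigned, so `getTarget()` (L1350) always returns null; if that is intended, a comment should say so.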
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
new file mode 100644
index 000000000..bad711dbb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import com.sun.xml.ws.security.trust.WSTrustConstants;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Processes mandate data after authentication is done in AT
+ * @author bsuzic
+ */
+public class MandateRetrievalRequest implements IAction {
+ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ return null; //
+ }
+
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ return true;
+ }
+
+ public String getDefaultActionName() {
+ return STORKProtocol.MANDATERETRIEVALREQUEST;
+ }
+}
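Review bot: `processRequest` (L1384) is a stub that returns null, and since `needAuthentication` returns true this action is reachable by an authenticated user; a comment on the class or method stating that mandate retrieval is not yet implemented, or an explicit `throw new MOAIDException(...)` with an appropriate message key, would avoid a silent null result reaching the dispatcher. The import of `com.sun.xml.ws.security.trust.WSTrustConstants` (L1374) is unused and ties compilation to a vendor-internal package; it should be dropped.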
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java
deleted file mode 100644
index 54072b6a3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java
+++ /dev/null
@@ -1,105 +0,0 @@
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
-import org.opensaml.ws.transport.http.HTTPInTransport;
-
-
-/**
- * @author bsuzic
- * Date: 1/22/14, Time: 5:30 PM
- */
-public class STORKAuthnReq implements IRequest {
- private String requestID;
- private String target = null;
- String module = null;
- String action = null;
- private STORKAuthnRequest storkAuthnRequest;
-
- public void setSTORKAuthnRequest(STORKAuthnRequest request) {
- this.storkAuthnRequest = request;
- }
-
- public STORKAuthnRequest getStorkAuthnRequest() {
- return this.storkAuthnRequest;
- }
-
- public void createStorkReq(HTTPInTransport profileReq) {
- Logger.debug("Generate stork request test...");
- storkAuthnRequest = new STORKAuthnRequest();
-
- BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext();
- samlMessageContext.setInboundMessageTransport(profileReq);
-
- HTTPPostDecoder postDecoder = new HTTPPostDecoder();
- postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator
-
- try {
- Logger.debug("Attempting to decode request...");
- postDecoder.decode(samlMessageContext);
- } catch (Exception e) {
- Logger.error("Error decoding STORKAuthnRequest", e);
- }
-
-
-
- //storkAuthnRequest = (STORKAuthnRequest)samlMessageContext.getInboundSAMLMessage();
- //samlMessageContext.getinbound
- //storkAuthnRequest.set
-
-
-
- }
-
-
-
- public String getOAURL() {
- return "https://sp:8889/SP"; //
- }
-
- public boolean isPassiv() {
- return false; //
- }
-
- public boolean forceAuth() {
- return false; //
- }
-
- public boolean isSSOSupported() {
- return false; //
- }
-
- public String requestedModule() {
- return this.module; //
- }
-
- public String requestedAction() {
- return action; //
- }
-
- public void setModule(String module) {
- this.module = module;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public String getTarget() {
- return this.target; //
- }
-
- public void setRequestID(String id) {
- this.requestID = id;
- }
-
- public String getRequestID() {
- return this.requestID; //
- }
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java
deleted file mode 100644
index c8a5ac84d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java
+++ /dev/null
@@ -1,71 +0,0 @@
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import org.opensaml.common.xml.SAMLConstants;
-
-/**
- * @author bsuzic
- * Date: 12/4/13, Time: 6:31 PM
- */
-//public class STORKAuthnRequestDEL extends STORKAuthnRequestImpl implements IRequest {
-
-public class STORKAuthnRequestDEL implements IRequest {
- private String requestID;
- private String target = null;
- String module = null;
- String action = null;
- private STORKAuthnRequest storkAuthnRequest;
-
- public void setSTORKAuthnRequest(STORKAuthnRequest request) {
- this.storkAuthnRequest = request;
- }
-
- public STORKAuthnRequest getStorkAuthnRequest() {
- return this.storkAuthnRequest;
- }
-
- public String getOAURL() {
- return "https://sp:8889/SP"; //
- }
-
- public boolean isPassiv() {
- return false; //
- }
-
- public boolean forceAuth() {
- return false; //
- }
-
- public boolean isSSOSupported() {
- return false; //
- }
-
- public String requestedModule() {
- return this.module; //
- }
-
- public String requestedAction() {
- return action; //
- }
-
- public void setModule(String module) {
- this.module = module;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public String getTarget() {
- return this.target; //
- }
-
- public void setRequestID(String id) {
- this.requestID = id;
- }
-
- public String getRequestID() {
- return this.requestID; //
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 01f0079ca..4806edde6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -6,28 +6,23 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.commons.*;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.ws.transport.http.HTTPInTransport;
import org.opensaml.ws.transport.http.HTTPOutTransport;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.util.Collections;
import java.util.HashMap;
/**
* Stork 2 Protocol Support
- * Date: 11/29/13, Time: 12:32 PM
+ *
* @author bsuzic
*/
public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
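Review bot: The wildcard `import eu.stork.peps.auth.commons.*;` replaces the explicit imports of PEPSUtil, STORKAuthnResponse and STORKAuthnRequest, which hides which commons types this class actually depends on (STORKAttrQueryRequest is the only new one used below). Listing them explicitly, `import eu.stork.peps.auth.commons.PEPSUtil;` / `import eu.stork.peps.auth.commons.STORKAuthnRequest;` / `import eu.stork.peps.auth.commons.STORKAttrQueryRequest;`, keeps the dependency surface readable and avoids name clashes if the package grows. STORKAuthnResponse appears to be unused after this change and can be dropped.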
@@ -36,7 +31,8 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
public static final String PATH = "id_stork2";
public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
- public static final String ATTRIBUTE_COLLECTOR = "AttributeCollector";
+ public static final String ATTRIBUTE_COLLECTOR = "AttributeCollector";
+ public static final String MANDATERETRIEVALREQUEST = "MandateRetrievalRequest";
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
@@ -64,7 +60,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
}
public STORKProtocol() {
- super(); //
+ super();
}
/*
@@ -73,22 +69,9 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
*/
public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException {
Logger.debug("Starting preprocessing");
- Logger.debug("Got request: " + request.toString());
Logger.debug("Request method: " + request.getMethod());
- for (Object o : Collections.list(request.getHeaderNames())) {
- Logger.debug("Request header: " + o.toString() + ":::" + request.getHeader(o.toString()));
- }
- for (Object o : Collections.list(request.getParameterNames())) {
- Logger.debug("Request parameter: " + o.toString() + "::::" + request.getParameter(o.toString()));
- }
-
Logger.debug("Request content length: " + request.getContentLength());
- Logger.debug("Request query: " + request.getQueryString());
- Logger.debug("Response: " + response.toString());
- Logger.debug("Action: " + action);
-
- Logger.debug("Processing saml request");
- String SAMLRequest = request.getParameter("SAMLRequest");
+ Logger.debug("Initiating action: " + action);
HTTPInTransport profileReq = new HttpServletRequestAdapter(request);
HTTPOutTransport profileResp = new HttpServletResponseAdapter(response, request.isSecure());
@@ -97,64 +80,51 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext();
samlMessageContext.setInboundMessageTransport(profileReq);
- HTTPPostDecoder postDecoder = new HTTPPostDecoder();
- postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator
-
- try {
- Logger.debug("Attempting to decode request...");
- postDecoder.decode(samlMessageContext);
- } catch (Exception e) {
- Logger.error("Error decoding STORKAuthnRequest", e);
- }
- /*
-
- STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage();
- //STORKAuthnRequestDEL STORK2Request = (STORKAuthnRequestDEL)samlMessageContext.getInboundSAMLMessage();
- STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL();
- STORK2Request.setSTORKAuthnRequest(ST2Req);
-
- Logger.debug("STORK2 Citizen code: " + ST2Req.getCitizenCountryCode());
- Logger.debug("STORK2 QAA: " + ST2Req.getQAALevel());
- Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString());
-
- */
- STORKAuthnReq storkAuthnReq = new STORKAuthnReq();
-
-
- STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL();
+ MOASTORKRequest STORK2Request = new MOASTORKRequest();
//extract STORK Response from HTTP Request
- //Decodes SAML Response
-
-
byte[] decSamlToken;
try {
decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest"));
- } catch(NullPointerException e) {
- Logger.error("Unable to retrieve STORK Response", e);
+ } catch (NullPointerException e) {
+ Logger.error("Unable to retrieve STORK Request", e);
throw new MOAIDException("stork.04", null);
}
//Get SAMLEngine instance
- STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+ STORKSAMLEngine authnEngine = STORKSAMLEngine.getInstance("incoming");
+ STORKSAMLEngine attrEngine = STORKSAMLEngine.getInstance("incoming_attr");
STORKAuthnRequest authnRequest = null;
- Logger.error("decsamltoken" +decSamlToken.toString());
+ STORKAttrQueryRequest attrRequest = null;
+ // check if valid authn request is contained
try {
- authnRequest = engine.validateSTORKAuthnRequest(decSamlToken);
+ authnRequest = authnEngine.validateSTORKAuthnRequest(decSamlToken);
} catch (STORKSAMLEngineException ex) {
- Logger.error("Unable to validate storkrkauthnreqeust" + ex.getMessage() );
+ Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());
+ } catch (ClassCastException e) {
+ Logger.error("Could not extract authenticaiton request");
}
- Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL());
- Logger.error("cc " + authnRequest.getCitizenCountryCode());
- Logger.error("iss " + authnRequest.getIssuer());
- Logger.error("spid " + authnRequest.getSPID());
- Logger.error("spi " + authnRequest.getSpInstitution());
+ // check if a valid attr request is containerd
+ try {
+ attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken);
+ } catch (STORKSAMLEngineException ex) {
+ Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());
+ } catch (ClassCastException e) {
+ Logger.error("Could not extract attribute request");
+ }
+ // if there is no authn or attr request, raise error
+ if ((authnRequest == null) && (attrRequest == null)) {
+ Logger.error("There is no authentication or attribute request contained.");
+ throw new MOAIDException("stork.14", null);
+ }
+ STORK2Request.setSTORKAuthnRequest(authnRequest);
+ STORK2Request.setSTORKAttrRequest(attrRequest);
return STORK2Request;
}
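Review bot: A missing `SAMLRequest` parameter is still detected by catching NullPointerException around `PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest"))`, which also masks any other NPE raised inside the decoder; an explicit check is clearer: `String samlRequest = request.getParameter("SAMLRequest"); if (samlRequest == null) throw new MOAIDException("stork.04", null);`. The catch block for the attribute query copies the authn message verbatim, `Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());`, and should say AttrQueryRequest so the two failure modes are distinguishable in the log. Since one token can only be one of the two message types, every valid request now emits one error-level line from whichever engine rejects it; logging those attempts at debug and reserving error for the case where both fail (the stork.14 branch) keeps the error log meaningful. Typos in the added comments and message: `containerd`, `authenticaiton`. preProcess's signature is in the preceding hunk.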
@@ -170,6 +140,11 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
return false;
}
+
+ public void checkPersonalAttributes() {
+
+
+ }
}
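Review bot: `checkPersonalAttributes()` is added as an empty public method with no body and no documentation, so it widens the class's public surface without doing anything. If it is a placeholder, a comment such as `// TODO: validate the requested personal attributes against the VIDP configuration` stating the intended contract would help, or it could be left out until it has an implementation.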
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
index 5efdfd117..797695a00 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
@@ -47,7 +47,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
*/
- @Override
public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession)
throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException {
requestedAttributes = new PersonalAttributeList(1);
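Review bot: Removing `@Override` from acquire (and from parse in the next hunk) drops the compiler check that these signatures still match AttributeProvider, so a later change to the interface would no longer be caught here. If the removal is needed for a Java 5 target, where `@Override` is not permitted on interface implementations, a one-line comment `// no @Override: source level 1.5 does not allow it on interface methods` would explain it; otherwise the annotation should stay. acquire's body continues outside the hunk.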
@@ -58,7 +57,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
*/
- @Override
public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException {
Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 4007eacdc..99d5d7612 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -208,6 +208,8 @@ stork.10=Fehler in der Verbindung zum SZR-Gateway
stork.11=Fehler beim Sammeln von StorkAttributen
stork.12=Konnte keine VIDP Konfiguration finden
stork.13=Fehler beim Sammeln eines Attributes in einem AttributProviderPlugin
+stork.14=Es wurde weder Authentifizierungs/ noch Attributerequest empfangen
+stork.15=Unbekannte request.
pvp2.00={0} ist kein gueltiger consumer service index
pvp2.01=Fehler beim kodieren der PVP2 Antwort
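Review bot: The new message `stork.15=Unbekannte request.` mixes German and English and is not referenced by any code in this diff, so it is unclear which condition it describes; `stork.15=Unbekannter Request` (or `Unbekannte Anfrage`) would match the neighbouring entries. `stork.14` has a stray slash in the compound: `stork.14=Es wurde weder Authentifizierungs- noch Attributrequest empfangen`.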
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html
new file mode 100644
index 000000000..f655caee0
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html
@@ -0,0 +1,42 @@
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+<body onload="document.forms[0].submit()">
+ <noscript>
+ <p>
+ <strong>Note:</strong> Since your browser does not support
+ JavaScript, you must press the Continue button once to proceed.
+ </p>
+ </noscript>
+
+
+ <div id="alert">Your login is being processed. Thank you for
+ waiting.</div>
+
+ <style type="text/css">
+<!--
+#alert {
+ margin: 100px 250px;
+ font-family: Verdana, Arial, Helvetica, sans-serif;
+ font-size: 14px;
+ font-weight: normal;
+}
+-->
+</style>
+
+ <form action="${action}" method="post" target="_parent">
+ <div>
+ #if($RelayState)<input type="hidden" name="RelayState"
+ value="${RelayState}" />#end #if($SAMLRequest)<input type="hidden"
+ name="SAMLRequest" value="${SAMLRequest}" />#end #if($SAMLResponse)<input
+ type="hidden" name="SAMLResponse" value="${SAMLResponse}" />#end
+
+ </div>
+ <noscript>
+ <div>
+ <input type="submit" value="Continue" />
+ </div>
+ </noscript>
+ </form>
+
+</body>
+</html>
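Review bot: `${RelayState}`, `${SAMLRequest}` and `${SAMLResponse}` are written into attribute values, and `${action}` into the form action, without any escaping; the `#if`/`#end` syntax indicates Velocity, which does not escape by default, so a value containing a double quote closes the attribute and the rest is interpreted as markup. RelayState is typically echoed from the incoming request, so it should be HTML-escaped before being put into the template context, or rendered through an escaping helper such as `$esc.html($RelayState)` if velocity-tools' EscapeTool is registered in the context (the base64 SAML values cannot contain `"` but escaping them too costs nothing). The `${action}` value should likewise come only from configuration, never from the request. The document also lacks a `<head>`/`<title>`, and the template should declare its charset so the escaped values are interpreted consistently.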