Diffstat (limited to 'id/server/idserverlib')
2 files changed, 143 insertions, 53 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index b7fa37757..7801f9a54 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -91,59 +91,149 @@ public class AttributeCollector implements IAction {
      * @throws MOAIDException
       */
     public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException {
-    	// check if there are attributes we need to fetch
-    	IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
-    	IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
-    	List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
-    	for(PersonalAttribute current : requestAttributeList)
-    		if(!responseAttributeList.containsKey(current))
-    			missingAttributes.add(current);
-    	 
-    	try {
-	    	// for each attribute still missing
-	    	for(PersonalAttribute currentAttribute : missingAttributes) {
-	    	// - check if we can find a suitable AttributeProvider Plugin
-				for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) {
-					try {
-						// - hand over control to the suitable plugin
-						IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession);
-
-						// - add the aquired attribute to the container
-						for(PersonalAttribute current : aquiredAttributes)
-							container.getResponse().getPersonalAttributeList().add(current);
-					} catch(UnsupportedAttributeException e) {
-						// ok, try the next attributeprovider
-					} catch(MOAIDException e) {
-						// the current plugin had an error. Try the next one.
-						// TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop
-					}
-	 
-	    		}
-	    	}
-		} catch (ExternalAttributeRequestRequiredException e) {
-			// the attribute request is ongoing and requires an external service.
-			try {
-				// memorize the container again
-				// - generate new key
-				String newArtifactId = new SecureRandomIdentifierGenerator()
-						.generateIdentifier();
-
-				// - put container in temporary store.
-				AssertionStorage.getInstance().put(newArtifactId, container);
-
-				// add container-key to redirect embedded within the return URL
-				e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam);
-			} catch (Exception e1) {
-				// TODO should we return the response as is to the PEPS?
-				Logger.error("Error putting incomplete Stork response into temporary storage", e);
-				throw new MOAIDException("stork.11", null);
-			}
+        // check if there are attributes we need to fetch
+        this.httpResp = response;
+        this.container = container;
+
+        IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
+        IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
+        List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
+        for (PersonalAttribute current : requestAttributeList)
+            if (!responseAttributeList.containsKey(current.getName()))
+                missingAttributes.add(current);
+
+        // Try to get all missing attributes
+        try {
+            // for each attribute still missing
+            for (PersonalAttribute currentAttribute : missingAttributes) {
+                // - check if we can find a suitable AttributeProvider Plugin
+                for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) {
+                    try {
+                        // - hand over control to the suitable plugin
+                        IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession);
+
+                        // - add the aquired attribute to the container
+                        for (PersonalAttribute current : aquiredAttributes)
+                            container.getResponse().getPersonalAttributeList().add(current);
+                    } catch (UnsupportedAttributeException e) {
+                        // ok, try the next attributeprovider
+                    } catch (MOAIDException e) {
+                        // the current plugin had an error. Try the next one.
+                        // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop
+                    }
+
+                }
+            }
+
+            // build response
+            generateSTORKResponse();
+
+            // set new http response
+            generateRedirectResponse();
+            response = httpResp;
+
+            return "12345"; // AssertionId
+
+        } catch (ExternalAttributeRequestRequiredException e) {
+            // the attribute request is ongoing and requires an external service.
+            try {
+                // memorize the container again
+                // - generate new key
+                String newArtifactId = new SecureRandomIdentifierGenerator()
+                        .generateIdentifier();
+                // - put container in temporary store.
+                AssertionStorage.getInstance().put(newArtifactId, container);
+
+                // add container-key to redirect embedded within the return URL
+                e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam);
+
+
+            } catch (Exception e1) {
+                // TODO should we return the response as is to the PEPS?
+                Logger.error("Error putting incomplete Stork response into temporary storage", e);
+                throw new MOAIDException("stork.11", null);
+            }
+
+            return "12345"; // TODO what to do here?
+        }
-			return "12345"; // TODO what to do here?
-		}
-    	// build response
-    	// done
-    	return "12345"; // AssertionId
+
+    }
+
+
+    private void generateSTORKResponse() throws MOAIDException {
+        STORKAuthnResponse authnResponse = container.getResponse();
+        STORKAuthnRequest authnRequest = container.getRequest();
+
+        try {
+            //Get SAMLEngine instance
+            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+            Logger.debug("Starting generation of SAML response");
+            authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false);
+
+            //generateSAML Token
+            Logger.info("SAML response succesfully generated!");
+        } catch (STORKSAMLEngineException e) {
+            Logger.error("Failed to generate STORK SAML Response", e);
+            throw new MOAIDException("stork.05", null);
+        }
+
+        Logger.info("STORK SAML Response message succesfully generated ");
+        String statusCodeValue = authnResponse.getStatusCode();
+
+        try {
+            Logger.debug("authn saml plain:" + authnResponse.getTokenSaml());
+            Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works
+            Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+
+        container.setResponse(authnResponse);
+
+    }
+
+
+    private void generateRedirectResponse() {
+        STORKAuthnResponse authnResponse = container.getResponse();
+        STORKAuthnRequest authnRequest = container.getRequest();
+
+
+        // preparing redirection for the client
+
+        try {
+            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+            VelocityContext context = new VelocityContext();
+
+            context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+            Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+
+            Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL());
+            context.put("action", authnRequest.getAssertionConsumerServiceURL());
+            Logger.debug("Starting template merge");
+            StringWriter writer = new StringWriter();
+
+            Logger.debug("Doing template merge");
+            template.merge(context, writer);
+            Logger.debug("Template merge done");
+
+            Logger.debug("Sending html content: " + writer.getBuffer().toString());
+            Logger.debug("Sending html content2  : " + new String(writer.getBuffer()));
+
+
+            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+
+        } catch (Exception e) {
+            Logger.error("Velocity error: " + e.getMessage());
+        }
+
+        //HttpSession httpSession = this.httpResp.getSession();
+        //httpSession.setAttribute("STORKSessionID", "12345");
+        //Logger.info("Status code again: " + authnResponse.getStatusCode());
+
+        //return "12345"; // AssertionId
     }
 
     /* (non-Javadoc)
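Review bot: Errors in `generateRedirectResponse` are swallowed — the `catch (Exception e)` keeps only `e.getMessage()` and drops the cause, and `processRequest` then returns `"12345"` as if the response had been written, so a template or output-stream failure is invisible to the caller; the `IOException` branch in `generateSTORKResponse` likewise ends in `e.printStackTrace()`. I would have the method declare `throws MOAIDException` and replace the catch body with `Logger.error("Velocity error", e); throw new MOAIDException("stork.05", null);`, and replace the `printStackTrace()` with a `Logger.error(..., e)` call. The debug statements write the full SAML token (`authn saml plain/string/encodedx`) and the complete merged HTML including the `SAMLResponse` value to the log; since that token carries the citizen's attributes, these should be reduced to lengths or the status code before they reach a production logger. Storing `response` and `container` in the instance fields `httpResp`/`container` turns the action into per-request state, which is a race if one `IAction` instance serves concurrent requests — I cannot confirm the instantiation model from this hunk. Minor: `response = httpResp;` only reassigns a parameter and has no effect on the caller, and the `getBytes()`/`new String(byte[])` calls use the platform charset rather than an explicit `StandardCharsets.UTF_8`.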
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 318a8fc9c..01f0079ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -137,7 +137,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         }
         //Get SAMLEngine instance
-        STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming");
+        STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
         STORKAuthnRequest authnRequest = null;
         Logger.error("decsamltoken" +decSamlToken.toString()); | 
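Review bot: The SAML engine instance name `"VIDP"` is now a bare string literal both here and in `AttributeCollector.generateSTORKResponse`; the two callers evidently drifted apart once already (`"incoming"` versus `"VIDP"`), so a single shared constant, something like `private static final String SAML_ENGINE_INSTANCE = "VIDP";` (name is a suggestion), would stop that recurring. The `Logger.error("decsamltoken" + decSamlToken.toString())` context line directly below writes the decoded token at error level; it is not part of this change, but it is worth revisiting in the same pass. The enclosing method begins before this hunk and continues past it.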
