Diffstat (limited to 'id/server/idserverlib')
5 files changed, 159 insertions, 123 deletions
|
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index e816725c8..2735fde68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -1,5 +1,9 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
+import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.List;
+
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -11,30 +15,23 @@ import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.storage.AssertionStorage;
 import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import org.apache.commons.io.IOUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.ArrayList;
-import java.util.List;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PEPSUtil;
 import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
 /**
  * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins.
@@ -48,58 +45,54 @@ import eu.stork.peps.auth.commons.PersonalAttribute;
 public class AttributeCollector implements IAction {
     /**
-	/** The Constant ARTIFACT_ID. */
-	private static final String ARTIFACT_ID = "artifactId";
-    private DataContainer container;
-    private HttpServletResponse httpResp;
-
+     * The Constant ARTIFACT_ID.
+     */
+    private static final String ARTIFACT_ID = "artifactId";
     /* (non-Javadoc)
      * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
      */
     public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
-        this.httpResp = httpResp;
-
-		// read configuration parameters of OA
-		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
-		if (oaParam == null)
-			throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() });
-
-    	// find the attribute provider plugin that can handle the response
-		IPersonalAttributeList newAttributes = null;
-		for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs()))
-			try {
-				newAttributes = current.parse(httpReq);
-			} catch (UnsupportedAttributeException e1) {
-				// the current provider cannot find anything familiar within the
-				// provided httpreq. Try the next one.
-			}
-
-		if (null == newAttributes) {
-			// we do not have a provider which is capable of fetching something
-			// from the received httpreq.
-			// TODO should we continue with the next attribute?
-			Logger.error("No attribute could be retrieved from the response the attribute provider gave us.");
-			throw new MOAIDException("stork.11", null);
-		}
+        // read configuration parameters of OA
+        OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+        if (oaParam == null)
+            throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
-    	// - fetch the container
-		String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID);
-		DataContainer container;
-		try {
-			container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
-		} catch (MOADatabaseException e) {
-			Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
-			throw new MOAIDException("stork.11", null);
-		}
+        // find the attribute provider plugin that can handle the response
+        IPersonalAttributeList newAttributes = null;
+        for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs()))
+            try {
+                newAttributes = current.parse(httpReq);
+                
+                // stop as soon as we hit a capable plugin
+                break;
+            } catch (UnsupportedAttributeException e1) {
+                // the current provider cannot find anything familiar within the
+                // provided httpreq. Try the next one.
+            }
+
+        if (null == newAttributes) {
+            // we do not have a provider which is capable of fetching something
+            // from the received httpreq.
+            Logger.error("No attribute could be retrieved from the response the attribute provider gave us.");
+        }
-    	// - insert the embedded attribute(s) into the container
-		for(PersonalAttribute current : newAttributes)
-			container.getResponse().getPersonalAttributeList().add(current);
-    	
-    	// see if we need some more attributes
-    	return processRequest(container, httpReq, httpResp, moasession, oaParam);
+        // - fetch the container
+        String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID);
+        DataContainer container;
+        try {
+            container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
+        } catch (MOADatabaseException e) {
+            Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
+            throw new MOAIDException("stork.11", null);
+        }
+
+        // - insert the embedded attribute(s) into the container
+        addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes);
+
+        // see if we need some more attributes
+        return processRequest(container, httpReq, httpResp, moasession, oaParam);
     }
     /**
@@ -112,8 +105,6 @@ public class AttributeCollector implements IAction {
      */
     public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException {
         // check if there are attributes we need to fetch
-        this.httpResp = response;
-        this.container = container;
         IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
         IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
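Review bot: `addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes)` is reached with `newAttributes == null` whenever no configured plugin accepts the request: the `null == newAttributes` branch now only logs, where the removed code threw `new MOAIDException("stork.11", null)`, and the for-each over `source` inside `addOrUpdateAll` (added in the last hunk of this file) then fails with a `NullPointerException`. Restore the throw directly after the `Logger.error(...)` call — a callback that none of the providers recognises should fail the request rather than fall through — or at minimum guard the merge with `if (newAttributes != null)`. The container lookup that follows also passes `httpReq.getAttribute(ARTIFACT_ID)` to `AssertionStorage` without a null check, so a request lacking the artifact is reported as the generic stork.11 storage error instead of as a malformed request.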
@@ -126,31 +117,42 @@ public class AttributeCollector implements IAction {
         try {
             // for each attribute still missing
             for (PersonalAttribute currentAttribute : missingAttributes) {
-                // - check if we can find a suitable AttributeProvider Plugin
+            	
+				/*
+				 * prefill attributes with "notAvailable". If we get them later, we override the value and status.
+				 * This way, there is no error case in which an attribute is left unanswered.
+				 */
+				IPersonalAttributeList aquiredAttributes = new PersonalAttributeList();
+				currentAttribute.setStatus("notAvailable");
+				addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes);
+
+            	// - check if we can find a suitable AttributeProvider Plugin
                 for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) {
                     try {
                         // - hand over control to the suitable plugin
-                        IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession);
-
-                        // - add the aquired attribute to the container
-                        for (PersonalAttribute current : aquiredAttributes)
-                            container.getResponse().getPersonalAttributeList().add(current);
+                        aquiredAttributes = currentProvider.acquire(currentAttribute, moasession);
+                        break;
                     } catch (UnsupportedAttributeException e) {
                         // ok, try the next attributeprovider
                     } catch (MOAIDException e) {
                         // the current plugin had an error. Try the next one.
-                        // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop
                     }
-                
                 }
+                
+				// check if we could fetch the attribute
+				if (null == aquiredAttributes) {
+					// if not
+					Logger.error("We have no suitable plugin for obtaining the attribute '" + currentAttribute.getName() + "'");
+				} else
+					// else, update any existing attributes
+					addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes);
             }
             // build response
-            generateSTORKResponse();
+            generateSTORKResponse(container);
             // set new http response
-            generateRedirectResponse();
-            response = httpResp;
+            generateRedirectResponse(response, container);
             return "12345"; // AssertionId
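Review bot: The "prefill with notAvailable" block does not prefill anything: `aquiredAttributes` is a freshly created, empty `PersonalAttributeList` when the first `addOrUpdateAll` is called, so `currentAttribute` (now carrying status `notAvailable`) is never written into the response list. Because the variable is initialised non-null, the later `null == aquiredAttributes` check is only true when a provider's `acquire` itself returns null; when every provider throws `UnsupportedAttributeException` the attribute is neither answered nor reported, which is exactly the re-request loop the removed TODO warned about. Add `aquiredAttributes.add(currentAttribute);` before the first `addOrUpdateAll` call so the placeholder really lands in the response, and track success with a separate `boolean acquired = false;` set to `true` next to the `break`, so the error branch becomes reachable. The surrounding `try` and the `for` over `missingAttributes` start in this hunk but the `try` is closed outside it.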
@@ -165,23 +167,25 @@ public class AttributeCollector implements IAction {
                 AssertionStorage.getInstance().put(newArtifactId, container);
                 // add container-key to redirect embedded within the return URL
-                e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam);
-
+                e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getSpCountry(), request, response, oaParam);
             } catch (Exception e1) {
                 // TODO should we return the response as is to the PEPS?
-                Logger.error("Error putting incomplete Stork response into temporary storage", e);
+                Logger.error("Error putting incomplete Stork response into temporary storage", e1);
                 throw new MOAIDException("stork.11", null);
             }
             return "12345"; // TODO what to do here?
         }
-
-
     }
-
-    private void generateSTORKResponse() throws MOAIDException {
+    /**
+     * generates binary response from given response class.
+     *
+     * @param container the container
+     * @throws MOAIDException the mOAID exception
+     */
+    private void generateSTORKResponse(DataContainer container) throws MOAIDException {
         STORKAuthnResponse authnResponse = container.getResponse();
         STORKAuthnRequest authnRequest = container.getRequest();
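Review bot: The `catch (Exception e1)` around the `performRedirect` call still masks the typed failure: the commit corrects the logged variable to `e1`, but the block then throws `new MOAIDException("stork.11", null)`, so a `MOAIDException` raised by the provider's redirect is reported to the caller as a storage error and its cause survives only in the log. Catch `MOAIDException` first and rethrow it unchanged, keeping the broad catch for the `AssertionStorage.put` failure it was written for. The redirect URL also embeds `newArtifactId` without URL-encoding; that is fine if `SecureRandomIdentifierGenerator` yields only URL-safe characters, but a one-line comment stating that assumption at the call site would help the next reader. The enclosing catch block (presumably `catch (ExternalAttributeRequestRequiredException e)`, given `e.getAp()`) opens before this hunk.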
@@ -199,36 +203,31 @@ public class AttributeCollector implements IAction {
         }
         Logger.info("STORK SAML Response message succesfully generated ");
-        String statusCodeValue = authnResponse.getStatusCode();
-
-        try {
-            Logger.debug("authn saml plain:" + authnResponse.getTokenSaml());
-            Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works
-            Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
-
-        } catch (IOException e) {
-            e.printStackTrace();
-        }
+        Logger.debug("authn saml plain:" + authnResponse.getTokenSaml());
+		Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml()));
+		Logger.debug("authn saml encodedx: " + PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml()));
         container.setResponse(authnResponse);
-
     }
-
-    private void generateRedirectResponse() {
+    /**
+     * writes the storkresponse to the httpresponse using the velocity engine.
+     *
+     * @param httpResp the http resp
+     * @param container the container
+     */
+    private void generateRedirectResponse(HttpServletResponse httpResp, DataContainer container) {
         STORKAuthnResponse authnResponse = container.getResponse();
         STORKAuthnRequest authnRequest = container.getRequest();
-
         // preparing redirection for the client
-
         try {
             VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
             Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
             VelocityContext context = new VelocityContext();
-            context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
-            Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+            context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml()).getBytes());
+            Logger.debug("SAMLResponse original: " + new String(authnResponse.getTokenSaml()).getBytes());
             Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL());
             context.put("action", authnRequest.getAssertionConsumerServiceURL());
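Review bot: `context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml()).getBytes())` stores a `byte[]` where the removed line stored a `String`; Velocity renders the array through `Object.toString()` (`[B@...`), not as Base64 text, so the POST form sent to the assertion consumer URL carries no usable response. Drop the `.getBytes()`: `context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml()));`. The next line, `Logger.debug("SAMLResponse original: " + new String(authnResponse.getTokenSaml()).getBytes())`, concatenates a `byte[]` the same way and logs only an object reference. The three `Logger.debug` calls in `generateSTORKResponse` earlier in this hunk write the complete SAML token, i.e. the citizen's personal attributes, to the log; logging the response ID or the token length is sufficient for diagnostics. `new String(byte[])` without a charset argument also depends on the platform default encoding.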
@@ -242,19 +241,30 @@ public class AttributeCollector implements IAction {
             Logger.debug("Sending html content: " + writer.getBuffer().toString());
             Logger.debug("Sending html content2  : " + new String(writer.getBuffer()));
-
             httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
         } catch (Exception e) {
             Logger.error("Velocity error: " + e.getMessage());
         }
-
-        //HttpSession httpSession = this.httpResp.getSession();
-        //httpSession.setAttribute("STORKSessionID", "12345");
-        //Logger.info("Status code again: " + authnResponse.getStatusCode());
-
-        //return "12345"; // AssertionId
     }
+    
+    /**
+     * Adds or updates all {@link PersonalAttribute} objects given in {@code source} to/in {@code target}.
+     *
+     * @param target the target
+     * @param source the source
+     */
+	private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) {
+		for (PersonalAttribute current : source) {
+			// check if we need to update the current pa
+			if (target.containsKey(current.getName())) {
+				target.get(current.getName()).setStatus(current.getStatus());
+				target.get(current.getName()).setValue(current.getValue());
+				target.get(current.getName()).setComplexValue(current.getComplexValue());
+			} else
+				target.add(current);
+		}
+	}
     /* (non-Javadoc)
      * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
index 2ecae1288..d92b0b72f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
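Review bot: `addOrUpdateAll` resolves `target.get(current.getName())` three times per updated attribute; hoisting it into `PersonalAttribute existing = target.get(current.getName());` and calling the three setters on `existing` reads better and avoids re-resolving the key. The method also has no contract for a null `source`, and the javadoc should say so (`@param source the attributes to merge; must not be null`), since the `containsKey`/`get` pairing only makes sense for a non-null list. The `catch (Exception e)` just above it, kept as context, logs only `e.getMessage()`, so a template failure loses its stack trace and leaves the client with an empty 200 response; passing `e` to `Logger.error` is the smaller fix.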
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
@@ -34,13 +34,13 @@ public interface AttributeProvider {
 	 * Perform redirect.
 	 *
 	 * @param url the return URL ending with ?artifactId=...
-	 * @param citizenCountyCode the citizen county code
+	 * @param spCountyCode the sp county code
 	 * @param req the request we got from the S-PEPS and for which we have to ask our APs
 	 * @param resp the response to the preceding request
 	 * @param oaParam the oa param
-	 * @throws MOAIDException 
+	 * @throws MOAIDException the mOAID exception
 	 */
-	public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException;
+	public void performRedirect(String url, String spCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException;
 	/**
 	 * Parses the response we got from the external attribute provider.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java
index 44ad0000a..a1c40526d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java
@@ -22,9 +22,11 @@ public class DataContainer implements Serializable {
 	/** The target. */
 	private String target;
-    private String remoteAddress;
-
-    /**
+	
+	/** The remote address. */
+	private String remoteAddress;
+	
+	/**
 	 * Gets the request.
 	 *
 	 * @return the request
@@ -77,13 +79,22 @@ public class DataContainer implements Serializable {
 	public void setTarget(String target) {
 		this.target = target;
 	}
-    
-    /*
-     Sets IP address
-     */
-    public void setRemoteAddress(String address) { this.remoteAddress = address; }
-    public String getRemoteAddress() {
-        return this.remoteAddress;
-    }
-    
+
+	/**
+	 * Gets the remote address.
+	 *
+	 * @return the remote address
+	 */
+	public String getRemoteAddress() {
+		return remoteAddress;
+	}
+
+	/**
+	 * Sets the remote address.
+	 *
+	 * @param remoteAddress the new remote address
+	 */
+	public void setRemoteAddress(String remoteAddress) {
+		this.remoteAddress = remoteAddress;
+	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java
index 29b09487b..56f31723c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java
@@ -1,12 +1,27 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
 public class ExternalAttributeRequestRequiredException extends Exception {
+	
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 5207631348933518908L;
+	
+	/** The ap. */
 	private AttributeProvider ap;
+	/**
+	 * Instantiates a new external attribute request required exception.
+	 *
+	 * @param provider the provider
+	 */
 	public ExternalAttributeRequestRequiredException(AttributeProvider provider) {
 		ap = provider;
 	}
+	/**
+	 * Gets the ap.
+	 *
+	 * @return the ap
+	 */
 	public AttributeProvider getAp() {
 		return ap;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
index 4314e666e..797695a00 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
@@ -89,12 +89,11 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String)
 	 */
-	public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException {
+	public void performRedirect(String url, String spCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException {
     	String spSector = "Business";
     	String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
     	String spApplication = spInstitution;
-    	String spCountry = "AT";
     	//generate AuthnRquest
     	STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest();
@@ -103,12 +102,13 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
     	attributeRequest.setIssuer(HTTPUtils.getBaseURL(req));
     	attributeRequest.setQaa(oaParam.getQaaLevel());
     	attributeRequest.setSpInstitution(spInstitution);
-    	attributeRequest.setCountry(spCountry);
+    	attributeRequest.setCountry(spCountryCode);
+    	attributeRequest.setSpCountry(spCountryCode);
     	attributeRequest.setSpApplication(spApplication);
     	attributeRequest.setSpSector(spSector);
     	attributeRequest.setPersonalAttributeList(requestedAttributes);
-    	attributeRequest.setCitizenCountryCode(citizenCountryCode);
+    	attributeRequest.setCitizenCountryCode("AT");
     	Logger.debug("STORK AttrRequest succesfully assembled.");
|
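Review bot: `attributeRequest.setCitizenCountryCode("AT")` hard-codes the citizen country while the caller's `getSpCountry()` value now feeds both `setCountry` and `setSpCountry`, which silently inverts what the removed `citizenCountryCode` parameter carried. If MOA-ID only ever acts as attribute provider for Austrian citizens this is intentional, but it belongs in a named constant with a comment so it is not mistaken for a leftover of the deleted `spCountry = "AT"` local, e.g. `private static final String CITIZEN_COUNTRY_CODE = "AT"; // MOA-ID attests Austrian citizens only`. `spSector` is likewise fixed to `"Business"` earlier in the same method. `performRedirect` opens in the previous hunk and continues past the end of this one.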
