Diffstat (limited to 'id/server/idserverlib')
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 191 | 
1 files changed, 104 insertions, 87 deletions
|
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index efa77577e..dc30e4e12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -25,6 +25,7 @@ import org.w3c.dom.NamedNodeMap;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
 import java.io.StringWriter;
 import java.security.NoSuchAlgorithmException;
@@ -48,6 +49,11 @@ public class AuthenticationRequest implements IAction {
         this.moaSession = moasession;
+        Logger.info("CPEPS " + AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS("SI").getPepsURL().toString());
+
+
+        //AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().
+
         if ((req instanceof MOASTORKRequest) && !((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) {
             this.moaStorkRequest = (MOASTORKRequest) req;
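Review bot: The new `Logger.info("CPEPS " + AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS("SI").getPepsURL().toString())` in the constructor dereferences the entry returned by `getCPEPS("SI")` without checking it, so a configuration with no entry for that country code turns construction of the action into a NullPointerException instead of a handled MOAIDException; the hard-coded "SI" also duplicates the literal in the `instanceof` condition two lines below. If the line is a temporary probe, remove it together with the commented-out `getCpepsMap()` line; otherwise look the entry up into a local, skip the log when it is null, and log the URL without the redundant `toString()`. The constructor this hunk sits in begins before the hunk.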
@@ -155,36 +161,37 @@ public class AuthenticationRequest implements IAction {
             // preparing redirection for the client
+
+            //STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest();
+
             try {
-                VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-                Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
-                VelocityContext context = new VelocityContext();
+                //Get SAMLEngine instance
+                STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+                Logger.debug("Starting generation of SAML request");
+                storkAuthnRequest = engine.generateSTORKAuthnRequest(storkAuthnRequest);
-                //STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest();
+                //generateSAML Token
+                Logger.info("SAML response succesfully generated!");
+            } catch (STORKSAMLEngineException e) {
+                Logger.error("Failed to generate STORK SAML Response", e);
+                throw new MOAIDException("stork.05", null);
+            }
-                try {
-                    //Get SAMLEngine instance
-                    STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-                    Logger.debug("Starting generation of SAML request");
-                    storkAuthnRequest = engine.generateSTORKAuthnRequest(storkAuthnRequest);
-
-                    //generateSAML Token
-                    Logger.info("SAML response succesfully generated!");
-                } catch (STORKSAMLEngineException e) {
-                    Logger.error("Failed to generate STORK SAML Response", e);
-                    throw new MOAIDException("stork.05", null);
-                }
+            // store original request from sp in order to be able to extract it in later iteration/response
+            try {
+                AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), originalRequest);
+                Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request");
+            } catch (MOADatabaseException e) {
+                e.printStackTrace();
+            }
-                // store original request from sp in order to be able to extract it in later iteration/response
-                try {
-                    AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), originalRequest);
-                    Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request");
-                } catch (MOADatabaseException e) {
-                    e.printStackTrace();
-                }
+            byte[] blob;
+            try {
-                byte[] blob;
+                VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+                Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+                VelocityContext context = new VelocityContext();
                 blob = storkAuthnRequest.getTokenSaml();
                 context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(blob));
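Review bot: The moved `catch (MOADatabaseException e) { e.printStackTrace(); }` around `AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), originalRequest)` still swallows a failed store, so the request is sent on to the PEPS although the SP request it must later be matched against was never persisted, and the lookup by InResponseTo in the response path of this same commit can then only fail. Handle it the way that response path already does: `Logger.error("Unable to store SP authentication request", e); throw new MOAIDException("stork.15", null);`. printStackTrace also bypasses the project Logger, so the failure would not even appear in the normal log. The enclosing method begins before this hunk.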
@@ -209,91 +216,101 @@ public class AuthenticationRequest implements IAction {
             }
             return "xxxx";// TODO
-        } // check if we got the response from peps, if so then process it and forward to sp
-        else if ((req instanceof MOASTORKResponse)) {
-
-            MOASTORKResponse moastorkResponse = (MOASTORKResponse) req;
-
-
-            STORKAuthnResponse authnResponse = null;
-            // check if valid authn request is contained
+        } else if ((req instanceof MOASTORKResponse)) {
+            // Check if we got the response from PEPS
+            // If so then process it and forward to SP
-            //Get SAMLEngine instance
-            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-
-            try {
-                authnResponse = engine.validateSTORKAuthnResponse(moastorkResponse.getSTORKAuthnResponseToken(), httpReq.getRemoteAddr());
-            } catch (STORKSAMLEngineException ex) {
-                Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage());
-            }
+            return handleMOAStorkResponse("VIDP", (MOASTORKResponse) req, httpReq.getRemoteAddr(), httpResp);
+        } else {
+            Logger.error("Could not recognize request.");
+            throw new MOAIDException("stork.15", null);
+        }
+    }
-            Logger.info("Requesting artifactId " + authnResponse.getInResponseTo() + " from store.");
+    /*
+    Handles STORKAuthnResponse received from PEPS (return to SP)
+     */
+    private String handleMOAStorkResponse(String instanceName, MOASTORKResponse moastorkResponse, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
-            DataContainer dataContainer = null;
+        STORKAuthnResponse authnResponse = null;
-            try {
-                dataContainer = AssertionStorage.getInstance().get(authnResponse.getInResponseTo(), DataContainer.class);
-            } catch (MOADatabaseException e) {
-                e.printStackTrace();
-            }
+        //Get SAMLEngine instance
+        STORKSAMLEngine engine = STORKSAMLEngine.getInstance(instanceName);
-            authnResponse.setInResponseTo(dataContainer.getRequest().getStorkAuthnRequest().getSamlId());
-            authnResponse.setAudienceRestriction(dataContainer.getRequest().getAssertionConsumerServiceURL());
+        try {
+            authnResponse = engine.validateSTORKAuthnResponse(moastorkResponse.getSTORKAuthnResponseToken(), remoteAddr);
+        } catch (STORKSAMLEngineException ex) {
+            Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage());
+            throw new MOAIDException("stork.15", null); // TODO
+        }
+        Logger.debug("Requesting artifactId " + authnResponse.getInResponseTo() + " from store.");
-            try {
-                //Get SAMLEngine instance
-                STORKSAMLEngine engine2 = STORKSAMLEngine.getInstance("VIDP");
-                Logger.debug("Starting generation of SAML response");
+        DataContainer dataContainer = null;
+        try {
+            dataContainer = AssertionStorage.getInstance().get(authnResponse.getInResponseTo(), DataContainer.class);
+        } catch (MOADatabaseException e) {
+            Logger.error("Unable to retrieve datacontainer with reference authentication request. Database exception.");
+            throw new MOAIDException("stork.15", null); // TODO
+        }
-                authnResponse = engine2.generateSTORKAuthnResponse(dataContainer.getRequest().getStorkAuthnRequest(), authnResponse, httpReq.getRemoteAddr(), false);
+        // setting new reference request and return url
+        authnResponse.setInResponseTo(dataContainer.getRequest().getStorkAuthnRequest().getSamlId());
+        authnResponse.setAudienceRestriction(dataContainer.getRequest().getAssertionConsumerServiceURL());
-                //generateSAML Token
-                Logger.info("SAML response succesfully generated!");
-            } catch (STORKSAMLEngineException e) {
-                Logger.error("Failed to generate STORK SAML Response", e);
-                throw new MOAIDException("stork.05", null);
-            }
+        Logger.debug("Starting generation of SAML response");
+        try {
+            authnResponse = engine.generateSTORKAuthnResponse(dataContainer.getRequest().getStorkAuthnRequest(), authnResponse, remoteAddr, false);
+        } catch (STORKSAMLEngineException e) {
+            Logger.error("Failed to generate STORK SAML Response", e);
+            throw new MOAIDException("stork.05", null);        // TODO check
+        }
-            // preparing redirection for the client
-            try {
-                VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-                Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
-                VelocityContext context = new VelocityContext();
+        Logger.info("SAML response succesfully generated.");
-                byte[] blob;
-                blob = authnResponse.getTokenSaml();
+        // preparing redirection for the client
+        performRedirection("SAMLResponse", dataContainer.getRequest().getAssertionConsumerServiceURL(), authnResponse.getTokenSaml(), httpResp);
+        return "yyyyy"; // TODO
+    }
-                context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob));
-                Logger.debug("SAMLResponse original: " + new String(blob));
+    /*
+    Perform redirection of the client based on post binding
+     */
+    private void performRedirection(String actionType, String assertionConsumerURL, byte[] tokenSaml, HttpServletResponse httpResp) throws MOAIDException {
+        Logger.info("Performing redirection, using action type: " + actionType);
-                Logger.debug("Putting assertion consumer url as action: " + dataContainer.getRequest().getAssertionConsumerServiceURL());
-                context.put("action", dataContainer.getRequest().getAssertionConsumerServiceURL());
+        try {
+            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+            VelocityContext context = new VelocityContext();
-                Logger.debug("Starting template merge");
-                StringWriter writer = new StringWriter();
+            context.put(actionType, PEPSUtil.encodeSAMLToken(tokenSaml));
+            Logger.debug("Encoded " + actionType + " original: " + new String(tokenSaml));
-                Logger.debug("Doing template merge");
-                template.merge(context, writer);
-                Logger.debug("Template merge done");
+            Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL);
+            context.put("action", assertionConsumerURL);
-                Logger.debug("Sending html content: " + writer.getBuffer().toString());
-                Logger.debug("Sending html content2  : " + new String(writer.getBuffer()));
+            Logger.debug("Starting template merge");
+            StringWriter writer = new StringWriter();
-                httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+            Logger.debug("Doing template merge");
+            template.merge(context, writer);
+            Logger.debug("Template merge done");
-            } catch (Exception e) {
-                Logger.error("Velocity error: " + e.getMessage());
-            }
+            Logger.debug("Sending html content: " + writer.getBuffer().toString());
+            Logger.debug("Sending html content2  : " + new String(writer.getBuffer()));
+            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
-            return "yyyyy"; // TODO
-        } else {
-            Logger.error("Could not recognize request.");
-            throw new MOAIDException("stork.15", null);
+        } catch (IOException e) {
+            Logger.error("Velocity IO error: " + e.getMessage());
+            throw new MOAIDException("stork.15", null); // TODO
+        } catch (Exception e) {
+            Logger.error("Velocity general error: " + e.getMessage());
+            throw new MOAIDException("stork.15", null); // TODO
         }
-    }
+    }
     public void generatePEPSRedirect(HttpServletResponse httpResp, DataContainer container) throws MOAIDException {
         MOASTORKRequest request = container.getRequest();
|
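Review bot: In handleMOAStorkResponse the result of `AssertionStorage.getInstance().get(authnResponse.getInResponseTo(), DataContainer.class)` is used unchecked, so a response whose InResponseTo was never stored (or was already consumed) fails with a NullPointerException at `dataContainer.getRequest()` instead of the MOAIDException every other error path in this method raises; add `if (dataContainer == null) { Logger.error("No stored request for artifactId " + authnResponse.getInResponseTo()); throw new MOAIDException("stork.15", null); }` before the setInResponseTo call (this presumes get() signals absence by returning null — confirm against AssertionStorage). In performRedirection, `Logger.debug("Encoded " + actionType + " original: " + new String(tokenSaml))` and the two "Sending html content" lines write the complete SAML response, and with it the subject's identity attributes, into the log at debug level; log the token length rather than its content. The same method converts the rendered page with `.getBytes()` and `new String(...)` using the platform default charset and sets no content type on httpResp, so pass `StandardCharsets.UTF_8` explicitly and set the response type before writing. Both catch blocks there also discard the exception as cause (`new MOAIDException("stork.15", null)`) and log only `e.getMessage()`, unlike the stork.05 path that passes `e` to Logger.error. The hunk opens inside a method whose start lies before it; handleMOAStorkResponse and performRedirection are contained in full.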
