diff options
Diffstat (limited to 'id/server/idserverlib')
14 files changed, 921 insertions, 18 deletions
diff --git a/id/server/idserverlib/moa-id-lib.iml b/id/server/idserverlib/moa-id-lib.iml new file mode 100644 index 000000000..cf1b34b4b --- /dev/null +++ b/id/server/idserverlib/moa-id-lib.iml @@ -0,0 +1,179 @@ +<?xml version="1.0" encoding="UTF-8"?> +<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4"> + <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_5" inherit-compiler-output="false"> + <output url="file://$MODULE_DIR$/../../target/classes" /> + <output-test url="file://$MODULE_DIR$/../../target/test-classes" /> + <content url="file://$MODULE_DIR$"> + <sourceFolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" /> + <sourceFolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" /> + <sourceFolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" /> + <excludeFolder url="file://$MODULE_DIR$/target" /> + </content> + <orderEntry type="inheritedJdk" /> + <orderEntry type="sourceFolder" forTests="false" /> + <orderEntry type="library" name="Maven: eu.stork.mw.core:stork-saml-engine:2.0" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:slf4j-log4j12:1.6.6" level="project" /> + <orderEntry type="module" module-name="SamlEngine" /> + <orderEntry type="library" name="Maven: eu.stork:Commons:1.2.0" level="project" /> + <orderEntry type="library" name="Maven: joda-time:joda-time:2.3" level="project" /> + <orderEntry type="library" name="Maven: log4j:log4j:1.2.14" level="project" /> + <orderEntry type="library" name="Maven: org.opensaml:opensaml:2.6.0" level="project" /> + <orderEntry type="library" name="Maven: org.opensaml:openws:1.5.0" level="project" /> + <orderEntry type="library" name="Maven: org.opensaml:xmltooling:1.4.0" level="project" /> + <orderEntry type="library" name="Maven: org.bouncycastle:bcprov-jdk15:1.46" level="project" /> + <orderEntry type="library" name="Maven: commons-codec:commons-codec:1.8" level="project" /> + <orderEntry type="library" name="Maven: ca.juliusdavies:not-yet-commons-ssl:0.3.9" level="project" /> + <orderEntry type="library" name="Maven: commons-httpclient:commons-httpclient:3.1" level="project" /> + <orderEntry type="library" name="Maven: org.apache.santuario:xmlsec:1.5.4" level="project" /> + <orderEntry type="library" scope="RUNTIME" name="Maven: org.apache.xerces:xml-apis:2.10.0" level="project" /> + <orderEntry type="library" scope="RUNTIME" name="Maven: org.apache.xerces:xercesImpl:2.10.0" level="project" /> + <orderEntry type="library" scope="RUNTIME" name="Maven: org.apache.xerces:serializer:2.10.0" level="project" /> + <orderEntry type="library" scope="RUNTIME" name="Maven: xml-resolver:xml-resolver:1.2" level="project" /> + <orderEntry type="library" scope="RUNTIME" name="Maven: xalan:xalan:2.7.1" level="project" /> + <orderEntry type="library" name="Maven: commons-collections:commons-collections:3.2.1" level="project" /> + <orderEntry type="library" name="Maven: commons-lang:commons-lang:2.6" level="project" /> + <orderEntry type="library" name="Maven: org.apache.velocity:velocity:1.7" level="project" /> + <orderEntry type="library" name="Maven: org.owasp.esapi:esapi:2.0.1" level="project" /> + <orderEntry type="library" name="Maven: org.bouncycastle:bcprov-jdk16:1.46" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:slf4j-api:1.7.5" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:slf4j-simple:1.7.5" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:jcl-over-slf4j:1.7.5" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:log4j-over-slf4j:1.7.5" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.5" level="project" /> + <orderEntry type="library" name="Maven: commons-io:commons-io:2.2" level="project" /> + <orderEntry type="library" name="Maven: eu.stork:oasis-dss-api:1.0.0-SNAPSHOT" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: junit:junit:3.8.1" level="project" /> + <orderEntry type="library" name="Maven: com.sun.xml.ws:jaxws-rt:2.1.7" level="project" /> + <orderEntry type="library" name="Maven: javax.xml.ws:jaxws-api:2.1" level="project" /> + <orderEntry type="library" name="Maven: javax.xml.bind:jaxb-api:2.2.6" level="project" /> + <orderEntry type="library" name="Maven: com.sun.xml.bind:jaxb-impl:2.2.5" level="project" /> + <orderEntry type="library" name="Maven: com.sun.xml.messaging.saaj:saaj-impl:1.3.3" level="project" /> + <orderEntry type="library" name="Maven: javax.xml.soap:saaj-api:1.3" level="project" /> + <orderEntry type="library" name="Maven: javax.activation:activation:1.1" level="project" /> + <orderEntry type="library" name="Maven: com.sun.xml.stream.buffer:streambuffer:0.9" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.staxex:stax-ex:1.2" level="project" /> + <orderEntry type="library" name="Maven: javax.xml.stream:stax-api:1.0" level="project" /> + <orderEntry type="library" name="Maven: org.codehaus.woodstox:wstx-asl:3.2.3" level="project" /> + <orderEntry type="library" name="Maven: stax:stax-api:1.0.1" level="project" /> + <orderEntry type="library" name="Maven: com.sun.org.apache.xml.internal:resolver:20050927" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet:mimepull:1.3" level="project" /> + <orderEntry type="module" module-name="moa-id-commons" /> + <orderEntry type="library" name="Maven: org.hibernate:hibernate-core:4.2.1.Final" level="project" /> + <orderEntry type="library" name="Maven: antlr:antlr:2.7.7" level="project" /> + <orderEntry type="library" name="Maven: org.jboss.logging:jboss-logging:3.1.0.GA" level="project" /> + <orderEntry type="library" name="Maven: dom4j:dom4j:1.6.1" level="project" /> + <orderEntry type="library" name="Maven: org.jboss.spec.javax.transaction:jboss-transaction-api_1.1_spec:1.0.1.Final" level="project" /> + <orderEntry type="library" name="Maven: org.hibernate.javax.persistence:hibernate-jpa-2.0-api:1.0.1.Final" level="project" /> + <orderEntry type="library" name="Maven: org.javassist:javassist:3.15.0-GA" level="project" /> + <orderEntry type="library" name="Maven: org.hibernate.common:hibernate-commons-annotations:4.0.1.Final" level="project" /> + <orderEntry type="library" name="Maven: org.hibernate:hibernate-c3p0:4.2.1.Final" level="project" /> + <orderEntry type="library" name="Maven: c3p0:c3p0:0.9.1" level="project" /> + <orderEntry type="library" name="Maven: org.hibernate:hibernate-entitymanager:4.2.1.Final" level="project" /> + <orderEntry type="library" name="Maven: org.apache.commons:commons-lang3:3.1" level="project" /> + <orderEntry type="module" module-name="moa-common" /> + <orderEntry type="library" name="Maven: commons-logging:commons-logging:1.0.4" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: iaik.prod:iaik_jce_full:5.101" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_moa:1.5" level="project" /> + <orderEntry type="library" name="Maven: jaxen:jaxen:1.0-FCS" level="project" /> + <orderEntry type="library" name="Maven: saxpath:saxpath:1.0-FCS" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.hyperjaxb3:hyperjaxb3-ejb-runtime:0.5.6" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.jaxb2_commons:jaxb2-basics-runtime:0.6.2" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.hyperjaxb3:maven-hyperjaxb3-plugin:0.5.6" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.hyperjaxb3:hyperjaxb3-ejb-plugin:0.5.6" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.annox:annox:0.5.0" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.jaxb2_commons:jaxb2-basics-annotate:0.6.2" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.jaxb2_commons:jaxb2-basics-tools:0.6.2" level="project" /> + <orderEntry type="library" name="Maven: commons-beanutils:commons-beanutils:1.7.0" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.jaxb2_commons:jaxb2-basics:0.6.2" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.hyperjaxb3:hyperjaxb3-ejb-roundtrip:0.5.6" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.jaxb2_commons:jaxb2-basics-testing:0.6.2" level="project" /> + <orderEntry type="library" name="Maven: xmlunit:xmlunit:1.0" level="project" /> + <orderEntry type="library" name="Maven: org.slf4j:slf4j-log4j12:1.6.1" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.hyperjaxb3:hyperjaxb3-ejb-schemas-persistence:0.5.6" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.hyperjaxb3:hyperjaxb3-ejb-schemas-customizations:0.5.6" level="project" /> + <orderEntry type="library" name="Maven: org.springframework:spring:2.0.7" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.jaxb2.maven2:maven-jaxb2-plugin:0.8.0" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.jaxb2.maven2:maven-jaxb2-plugin-core:0.8.0" level="project" /> + <orderEntry type="library" name="Maven: org.apache.maven:maven-plugin-api:2.2.1" level="project" /> + <orderEntry type="library" name="Maven: org.apache.maven:maven-project:2.2.1" level="project" /> + <orderEntry type="library" name="Maven: org.apache.maven:maven-settings:2.2.1" level="project" /> + <orderEntry type="library" name="Maven: org.apache.maven:maven-model:2.2.1" level="project" /> + <orderEntry type="library" name="Maven: org.codehaus.plexus:plexus-utils:1.5.15" level="project" /> + <orderEntry type="library" name="Maven: org.codehaus.plexus:plexus-interpolation:1.11" level="project" /> + <orderEntry type="library" name="Maven: org.codehaus.plexus:plexus-container-default:1.0-alpha-9-stable-1" level="project" /> + <orderEntry type="library" name="Maven: classworlds:classworlds:1.1-alpha-2" level="project" /> + <orderEntry type="library" name="Maven: org.apache.maven:maven-profile:2.2.1" level="project" /> + <orderEntry type="library" name="Maven: org.apache.maven:maven-artifact-manager:2.2.1" level="project" /> + <orderEntry type="library" name="Maven: org.apache.maven:maven-repository-metadata:2.2.1" level="project" /> + <orderEntry type="library" name="Maven: org.apache.maven:maven-artifact:2.2.1" level="project" /> + <orderEntry type="library" name="Maven: org.apache.maven.wagon:wagon-provider-api:1.0-beta-6" level="project" /> + <orderEntry type="library" name="Maven: backport-util-concurrent:backport-util-concurrent:3.1" level="project" /> + <orderEntry type="library" name="Maven: org.apache.maven:maven-plugin-registry:2.2.1" level="project" /> + <orderEntry type="library" name="Maven: org.jfrog.maven.annomojo:maven-plugin-anno:1.3.1" level="project" /> + <orderEntry type="library" name="Maven: org.jvnet.jaxb2.maven2:maven-jaxb22-plugin:0.8.0" level="project" /> + <orderEntry type="library" name="Maven: com.sun.xml.bind:jaxb-xjc:2.2.4-1" level="project" /> + <orderEntry type="library" name="Maven: mysql:mysql-connector-java:5.1.25" level="project" /> + <orderEntry type="module" module-name="moa-common" scope="TEST" production-on-test="" /> + <orderEntry type="module" module-name="moa-spss-lib" /> + <orderEntry type="library" name="Maven: axis:axis:1.1" level="project" /> + <orderEntry type="library" name="Maven: org.apache.axis:axis-jaxrpc:1.4" level="project" /> + <orderEntry type="library" name="Maven: org.apache.axis:axis-saaj:1.4" level="project" /> + <orderEntry type="library" name="Maven: axis:axis-wsdl4j:1.5.1" level="project" /> + <orderEntry type="library" name="Maven: commons-discovery:commons-discovery:0.2" level="project" /> + <orderEntry type="library" name="Maven: javax.mail:mail:1.4" level="project" /> + <orderEntry type="library" scope="RUNTIME" name="Maven: postgresql:postgresql:7.2" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: javax.servlet:servlet-api:2.4" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: xalan-bin-dist:xalan:2.7.1" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: xalan:serializer:2.7.1" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: xml-apis:xml-apis:1.3.04" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: xerces:xercesImpl:2.9.0" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: xalan-bin-dist:xml-apis:2.7.1" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: xalan-bin-dist:serializer:2.7.1" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_ixsil:1.2.2.5" level="project" /> + <orderEntry type="library" scope="PROVIDED" name="Maven: iaik.prod:iaik_ecc:2.19" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_cms:4.1_MOA" level="project" /> + <orderEntry type="library" scope="RUNTIME" name="Maven: iaik.prod:iaik_Pkcs11Provider:1.2.4" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_Pkcs11Wrapper:1.2.17" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_tsl:1.0" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_xsect_eval:1.1709142" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_ecc_signed:2.19" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_jce_eval_signed:3.181" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_pki_module:1.0" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_javax_crypto:1.0" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_util:0.23" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_jsse:4.4" level="project" /> + <orderEntry type="library" name="Maven: iaik:iaik_ssl:4.4" level="project" /> + <orderEntry type="library" name="Maven: iaik:w3c_http:1.0" level="project" /> + <orderEntry type="library" name="Maven: org.xerial:sqlite-jdbc:3.7.8-SNAPSHOT" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_util:0.23" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_xsect:1.1709142" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_jsse:4.4" level="project" /> + <orderEntry type="library" name="Maven: com.sun:webservices-tools:2.0.1" level="project" /> + <orderEntry type="library" name="Maven: com.sun:webservices-rt:2.0.1" level="project" /> + <orderEntry type="library" name="Maven: commons-fileupload:commons-fileupload:1.1.1" level="project" /> + <orderEntry type="library" name="Maven: dav4j:dav4j:0.1" level="project" /> + <orderEntry type="library" name="Maven: httpsclient:httpsclient:JSSE-1.0" level="project" /> + <orderEntry type="library" name="Maven: iaik.prod:iaik_X509TrustManager:0.3" level="project" /> + <orderEntry type="library" name="Maven: regexp:regexp:1.3" level="project" /> + <orderEntry type="library" name="Maven: com.googlecode.jsontoken:jsontoken:1.0" level="project" /> + <orderEntry type="library" name="Maven: com.google.code.gson:gson:1.4" level="project" /> + <orderEntry type="library" name="Maven: com.google.collections:google-collections:1.0" level="project" /> + <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpcore:4.0.1" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: com.google.http-client:google-http-client-jackson2:1.17.0-rc" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: com.google.http-client:google-http-client:1.17.0-rc" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: com.google.code.findbugs:jsr305:1.3.9" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: org.apache.httpcomponents:httpclient:4.0.1" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: com.fasterxml.jackson.core:jackson-core:2.1.3" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: com.google.oauth-client:google-oauth-client-jetty:1.17.0-rc" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: com.google.oauth-client:google-oauth-client-java6:1.17.0-rc" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: com.google.oauth-client:google-oauth-client:1.17.0-rc" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: org.mortbay.jetty:jetty:6.1.26" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: org.mortbay.jetty:jetty-util:6.1.26" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: org.mortbay.jetty:servlet-api:2.5-20081211" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: org.testng:testng:6.1.1" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: org.beanshell:bsh:2.0b4" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: com.beust:jcommander:1.12" level="project" /> + <orderEntry type="library" scope="TEST" name="Maven: org.yaml:snakeyaml:1.6" level="project" /> + </component> +</module> + diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 68acb8841..cca543a26 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -23,7 +23,7 @@ <url>https://build.shibboleth.net/nexus/content/groups/public/</url>
</repository>
</repositories>
-
+
<dependencies>
<dependency>
<groupId>eu.stork</groupId>
@@ -41,6 +41,34 @@ <artifactId>moa-id-commons</artifactId>
<version>${pom.version}</version>
</dependency>
+ <!--
+ <dependency>
+ <groupId>MOA.id</groupId>
+ <artifactId>stork-saml-engine</artifactId>
+ <version>1.5.2</version>
+ </dependency>
+ <dependency>
+ <groupId>MOA.id</groupId>
+ <artifactId>mw-messages-api</artifactId>
+ <version>2.0</version>
+ </dependency>
+ -->
+ <dependency>
+ <groupId>eu.stork</groupId>
+ <artifactId>Commons</artifactId>
+ <version>1.2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>eu.stork</groupId>
+ <artifactId>SamlEngine</artifactId>
+ <version>1.1.0</version>
+ </dependency>
+
+ <dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
<dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
@@ -59,17 +87,22 @@ <dependency>
<groupId>axis</groupId>
<artifactId>axis</artifactId>
+ <version>1.1</version>
</dependency>
-
-<!-- <dependency>
+
+ <dependency>
<groupId>com.sun</groupId>
<artifactId>webservices-tools</artifactId>
<version>2.0.1</version>
</dependency>
- <dependency>
+ <dependency>
<groupId>com.sun</groupId>
<artifactId>webservices-rt</artifactId>
<version>2.0.1</version>
+ </dependency>
+<!--<dependency>
+ <groupId>javax.xml.bind</groupId>
+ <artifactId>jaxb-api</artifactId>
</dependency> -->
<dependency>
@@ -188,7 +221,10 @@ <groupId>regexp</groupId>
<artifactId>regexp</artifactId>
</dependency>
-
+ <!-- <dependency> <groupId>commons-httpclient</groupId> <artifactId>commons-httpclient</artifactId>
+ </dependency> -->
+ <!-- <dependency> <groupId>at.gv.egovernment.moa.id</groupId> <artifactId>mandate-validate</artifactId>
+ <version>1.1</version> </dependency> -->
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
@@ -239,15 +275,16 @@ <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
- <source>1.6</source>
- <target>1.6</target>
+ <source>1.5</source>
+ <target>1.5</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<configuration>
- <skipTests>true</skipTests>
+ <skip>true</skip>
+ <skipTests>true</skipTests>
<archive>
<addMavenDescriptor>false</addMavenDescriptor>
</archive>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a5e92c701..3d38efa9f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1874,7 +1874,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); - Logger.debug("Preparing to assemble STORK AuthnRequest witt the following values:"); + Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:"); String destination = cpeps.getPepsURL().toExternalForm(); Logger.debug("C-PEPS URL: " + destination); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java index d6d22fe4a..479775dd5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -110,9 +110,11 @@ public class SignatureVerificationInvoker { authConnParam = authConfigProvider.getMoaSpConnectionParameter(); //If the ConnectionParameter do NOT exist, we try to get the api to work.... if (authConnParam != null) { + Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix()); endPoint = authConnParam.getUrl(); call.setTargetEndpointAddress(endPoint); responses = (Vector) call.invoke(serviceName, params); + Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used response = (SOAPBodyElement) responses.get(0); return response.getAsDOM(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index b356c6f35..41be2c7e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -331,6 +331,7 @@ public class PEPSConnectorServlet extends AuthServlet { //TODO: found better solution, but QAA Level in response could be not supported yet
try {
+
moasession.setQAALevel(authnResponse.getAssertions().get(0).
getAuthnStatements().get(0).getAuthnContext().
getAuthnContextClassRef().getAuthnContextClassRef());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 0d39a4bc5..7e248243b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -123,11 +123,12 @@ public class VerifyXMLSignatureResponseValidator { checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null); if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5) checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null); - - if (whatToCheck.equals(CHECK_IDENTITY_LINK)) - throw new ValidateException("validator.07", new Object[] { checkFailedReason } ); - else - throw new ValidateException("validator.19", new Object[] { checkFailedReason } ); + + // TEST CARDS + // if (whatToCheck.equals(CHECK_IDENTITY_LINK)) + // throw new ValidateException("validator.07", new Object[] { checkFailedReason } ); + // else + // throw new ValidateException("validator.19", new Object[] { checkFailedReason } ); } if (ignoreManifestValidationResult) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 463930fd7..659035337 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -25,6 +25,7 @@ */
package at.gv.egovernment.moa.id.config.stork;
+import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
@@ -33,10 +34,15 @@ import java.util.List; import java.util.Map;
import java.util.Properties;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.xml.sax.SAXException;
+
+import javax.xml.parsers.ParserConfigurationException;
/**
* Encapsulates several STORK configuration parameters according MOA configuration
@@ -59,8 +65,9 @@ public class STORKConfig { this.props = props;
//create CPEPS map
- List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
-
+ //List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
+ List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = new ArrayList<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS>(); // TODO Change this
+
cpepsMap = new HashMap<String, CPEPS>();
for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) {
@@ -74,16 +81,44 @@ public class STORKConfig { Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ cpep.getCountryCode() + " has an invalid URL and is ignored.");
}
+ /*catch (ParserConfigurationException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (SAXException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (IOException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (MessageEncodingException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ }*/
}
-
+
+ SAMLSigningParameter samlsign = null;
+ try {
+ samlsign = stork.getSAMLSigningParameter(); // TODO Fix nullpointerexception when nothing is configured
+ }
+ catch (Exception ex) {
+ Logger.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found.");
+ }
+
+ if (samlsign == null) {
+ Logger.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found.");
attr = new ArrayList<StorkAttribute>();
+ try {
for(StorkAttribute current : stork.getAttributes()) {
attr.add(current);
- }
+ } } catch (Exception ex) { // TODO FIX FIX
+ Logger.warn("Error in MOA-ID Configuration. No STORK->Attributes found.");
+ }
}
+ }
+
public SignatureCreationParameter getSignatureCreationParameter() {
return new SignatureCreationParameter(props, basedirectory);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 1f526caca..01b80a93f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -516,6 +516,8 @@ public class DispatcherServlet extends AuthServlet{ ConfigurationDBUtils.closeSession(); } + Logger.info("Clossing Dispatcher processing loop"); + Logger.info("Http response prepared sent: " + resp.toString()); } @Override diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java index 91f98608c..4a1da76e2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java @@ -33,6 +33,7 @@ public class ModulStorage { private static final String[] modulClasses = new String[]{ "at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol", "at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol", + "at.gv.egovernment.moa.id.protocols.stork2.STORKProtocol", "at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol" }; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java new file mode 100644 index 000000000..1971fe12d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -0,0 +1,253 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.logging.Logger; +import edu.emory.mathcs.backport.java.util.Collections; +import eu.stork.peps.auth.commons.*; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.commons.io.IOUtils; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; +import org.opensaml.xml.util.Base64; +import org.opensaml.xml.util.XMLHelper; +import javax.servlet.ServletOutputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.io.*; +import java.util.ArrayList; +import java.util.HashMap; +import eu.stork.peps.auth.engine.SAMLEngine; +import sun.rmi.runtime.Log; + +/** + * @author bsuzic + * Date: 12/3/13, Time: 2:08 PM + */ + +public class AuthenticationRequest implements IAction { + /* + Second request step - after authentication of the user is done and moasession obtained, + process request and forward the user further to PEPS and/or other entities + */ + + + private VelocityEngine velocityEngine; + + + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + Logger.debug("Starting AuthenticationRequest"); + //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); + Logger.debug("Http Response: " + httpResp.toString() + ", "); + Logger.debug("Remote user: " + httpReq.getRemoteAddr()); + Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget()); + httpResp.reset(); + //httpResp.addHeader("Location", "http:/www.google.com"); + if (req instanceof STORKAuthnRequestDEL) { + /* + Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel()); + StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest()); + + HttpSession httpSession = httpReq.getSession(); + httpSession.setAttribute("STORKSessionID", "12345"); + httpResp.setStatus(startAuthResponse.getHttpStatusCode()); + try { + ServletOutputStream os = httpResp.getOutputStream(); + String html = new String(startAuthResponse.getContent()); + + + if (html.contains("<![CDATA[")) { + Logger.info("-------- content contains <![CDATA[-----------------"); + Logger.info("-------- content contains html -----------------"); + Logger.info("HTML : " + html); + int beginIndex = html.indexOf("<![CDATA["); + int endIndex = html.indexOf("]]>"); + html = html.substring(beginIndex + 9, endIndex); + startAuthResponse.setContent(html.getBytes()); + } + Logger.info("HTML : " + html); + + os.write(startAuthResponse.getContent()); + Logger.info("Response sent to client"); + } catch (IOException e) { + Logger.error("ERROR MOA"); + throw new MOAIDException("error response sending", new Object[]{}); + } + //httpSession.setAttribute("CCC", ccc); + + */ + } + + + //httpResp.setStatus(200); + //VPEPSInboundPostHandler + + // - prepare attribute list + PersonalAttributeList attributeList = new PersonalAttributeList(); + + STORKAuthnResponse authnResponse = new STORKAuthnResponse(); + authnResponse.setCountry("AT"); + + + try { + + IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); + + for (PersonalAttribute personalAttribute : moaAttrList) { + Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); + if (personalAttribute.getValue().size() > 0) { + for (String value : personalAttribute.getValue()) { + Logger.info(" Value found: " + value); + } + } + } + + } catch (Exception e) { + Logger.error("Exception, attributes: " + e.getMessage()); + } + + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName("eIdentifier"); + newAttribute.setValue(new ArrayList<String>(Collections.singletonList("xxxxxxxxxxxxxxx"))); + attributeList.add(newAttribute); + authnResponse.setPersonalAttributeList(attributeList); + + + try { + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); + Logger.debug("Starting generation of SAML response"); + authnResponse = engine.generateSTORKAuthnResponse(((STORKAuthnRequestDEL)req).getStorkAuthnRequest(),authnResponse,httpReq.getRemoteAddr(),false); + //generateSAML Token + Logger.info("SAML response succesfully generated!"); + }catch(STORKSAMLEngineException e){ + Logger.error("Failed to generate STORK SAML Response", e); + throw new MOAIDException("stork.05", null); + } + + Logger.info("STORK SAML Response message succesfully generated "); + Logger.debug("STORK response: "); + + Logger.debug("authn response string: " + authnResponse.toString()); + + String statusCodeValue = authnResponse.getStatusCode(); + Logger.debug("authn status code value: " + statusCodeValue); + + try { + Logger.debug("authn saml:" + IOUtils.toString(authnResponse.getTokenSaml())); + + } catch (IOException e) { + e.printStackTrace(); + } + + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); + VelocityContext context = new VelocityContext(); + //Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.decode(context.get("SAMLResponse").toString())); + + context.put("SAMLResponse", IOUtils.toString(authnResponse.getTokenSaml())); + Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.decode(context.get("SAMLResponse").toString())); + + Logger.info("Putting assertion consumer url as action: " + ((STORKAuthnRequestDEL)req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + context.put("action", ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + httpResp.getOutputStream().write(writer.toString().getBytes()); + + } catch (Exception e) { + Logger.error("Velocity error: " + e.getMessage()); + } + + HttpSession httpSession = httpReq.getSession(); + httpSession.setAttribute("STORKSessionID", "12345"); + Logger.info("Status code: " + authnResponse.getStatusCode()); + + + + + return "12345"; // AssertionId + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + return true; + } + + + /* + + public StartAuthResponse getStartAuthResponse(STORKAuthnRequest authnRequest) { + + StartAuthResponse authResponse = new StartAuthResponse(500, null, new HashMap<String, String>()); + + if (authnRequest.getSPID() != null) { + Logger.debug("SP id: " + authnRequest.getSPID()); + } else { + SpInstitution spInstitution = (SpInstitution)authnRequest.getExtensions().getUnknownXMLObjects(SpInstitution.DEFAULT_ELEMENT_NAME).get(0); + Logger.debug("SP institution: " + spInstitution.getValue()); + } + + Logger.debug("SPEPS issuer: " + authnRequest.getIssuer().getValue()); + Logger.debug("SPEPS Consumer URL: " + authnRequest.getAssertionConsumerServiceURL()); + + + + try { + + initVelocityEngine(); + VelocityContext velocityContext = new VelocityContext(); + + velocityContext.put("action", authnRequest.getDestination()); + if (authnRequest.getDOM() == null) { + SAMLUtil.marshallMessage(authnRequest); + } + + String messageXML = XMLHelper.nodeToString(authnRequest.getDOM()); + String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES); + velocityContext.put("SAMLRequest", encodedMessage); + ByteArrayOutputStream outStream = new ByteArrayOutputStream(); + + Writer out = new OutputStreamWriter(outStream, "UTF-8"); + velocityEngine.mergeTemplate("/templates/saml2-post-binding.vm", "UTF-8", velocityContext, out); + out.flush(); + authResponse.setContent(outStream.toByteArray()); + + authResponse.addHeader("Content-Type", "text/html; charset=utf-8"); + authResponse.addHeader("Cache-Control", "no-cache"); + authResponse.setHttpStatusCode(200); + + } catch (Exception e) { + Logger.error("ERROR"); + } + + + return authResponse; + } + + */ + + public String getDefaultActionName() { + return STORKProtocol.AUTHENTICATIONREQUEST; + } + + + private void initVelocityEngine() throws Exception { + velocityEngine = new VelocityEngine(); + velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + velocityEngine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + + velocityEngine.init(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java new file mode 100644 index 000000000..54072b6a3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java @@ -0,0 +1,105 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; +import org.opensaml.ws.transport.http.HTTPInTransport; + + +/** + * @author bsuzic + * Date: 1/22/14, Time: 5:30 PM + */ +public class STORKAuthnReq implements IRequest { + private String requestID; + private String target = null; + String module = null; + String action = null; + private STORKAuthnRequest storkAuthnRequest; + + public void setSTORKAuthnRequest(STORKAuthnRequest request) { + this.storkAuthnRequest = request; + } + + public STORKAuthnRequest getStorkAuthnRequest() { + return this.storkAuthnRequest; + } + + public void createStorkReq(HTTPInTransport profileReq) { + Logger.debug("Generate stork request test..."); + storkAuthnRequest = new STORKAuthnRequest(); + + BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); + samlMessageContext.setInboundMessageTransport(profileReq); + + HTTPPostDecoder postDecoder = new HTTPPostDecoder(); + postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator + + try { + Logger.debug("Attempting to decode request..."); + postDecoder.decode(samlMessageContext); + } catch (Exception e) { + Logger.error("Error decoding STORKAuthnRequest", e); + } + + + + //storkAuthnRequest = (STORKAuthnRequest)samlMessageContext.getInboundSAMLMessage(); + //samlMessageContext.getinbound + //storkAuthnRequest.set + + + + } + + + + public String getOAURL() { + return "https://sp:8889/SP"; // + } + + public boolean isPassiv() { + return false; // + } + + public boolean forceAuth() { + return false; // + } + + public boolean isSSOSupported() { + return false; // + } + + public String requestedModule() { + return this.module; // + } + + public String requestedAction() { + return action; // + } + + public void setModule(String module) { + this.module = module; + } + + public void setAction(String action) { + this.action = action; + } + + public String getTarget() { + return this.target; // + } + + public void setRequestID(String id) { + this.requestID = id; + } + + public String getRequestID() { + return this.requestID; // + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java new file mode 100644 index 000000000..c8a5ac84d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java @@ -0,0 +1,71 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.moduls.IRequest; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import org.opensaml.common.xml.SAMLConstants; + +/** + * @author bsuzic + * Date: 12/4/13, Time: 6:31 PM + */ +//public class STORKAuthnRequestDEL extends STORKAuthnRequestImpl implements IRequest { + +public class STORKAuthnRequestDEL implements IRequest { + private String requestID; + private String target = null; + String module = null; + String action = null; + private STORKAuthnRequest storkAuthnRequest; + + public void setSTORKAuthnRequest(STORKAuthnRequest request) { + this.storkAuthnRequest = request; + } + + public STORKAuthnRequest getStorkAuthnRequest() { + return this.storkAuthnRequest; + } + + public String getOAURL() { + return "https://sp:8889/SP"; // + } + + public boolean isPassiv() { + return false; // + } + + public boolean forceAuth() { + return false; // + } + + public boolean isSSOSupported() { + return false; // + } + + public String requestedModule() { + return this.module; // + } + + public String requestedAction() { + return action; // + } + + public void setModule(String module) { + this.module = module; + } + + public void setAction(String action) { + this.action = action; + } + + public String getTarget() { + return this.target; // + } + + public void setRequestID(String id) { + this.requestID = id; + } + + public String getRequestID() { + return this.requestID; // + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java new file mode 100644 index 000000000..9564afa27 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -0,0 +1,174 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.STORKAuthnResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; +import org.opensaml.ws.transport.http.HTTPInTransport; +import org.opensaml.ws.transport.http.HTTPOutTransport; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import eu.stork.peps.auth.commons.STORKAuthnRequest; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Collections; +import java.util.HashMap; + +/** + * Stork 2 Protocol Support + * Date: 11/29/13, Time: 12:32 PM + * @author bsuzic + */ +public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { + + public static final String NAME = STORKProtocol.class.getName(); + public static final String PATH = "id_stork2"; + + public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; + + private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + + static { + + actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); + + instance = new STORKProtocol(); + } + + private static STORKProtocol instance = null; + + + public String getName() { + return NAME; + } + + public String getPath() { + return PATH; + } + + public IAction getAction(String action) { + return actions.get(action); + } + + public STORKProtocol() { + super(); // + } + + /* + First request step - send it to BKU selection for user authentication. After the user credentials + and other info are obtained, in the second step the request will be processed and the user redirected + */ + public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { + Logger.debug("Starting preprocessing"); + Logger.debug("Got request: " + request.toString()); + Logger.debug("Request method: " + request.getMethod()); + for (Object o : Collections.list(request.getHeaderNames())) { + Logger.debug("Request header: " + o.toString() + ":::" + request.getHeader(o.toString())); + } + for (Object o : Collections.list(request.getParameterNames())) { + Logger.debug("Request parameter: " + o.toString() + "::::" + request.getParameter(o.toString())); + } + + Logger.debug("Request content length: " + request.getContentLength()); + Logger.debug("Request query: " + request.getQueryString()); + Logger.debug("Response: " + response.toString()); + Logger.debug("Action: " + action); + + Logger.debug("Processing saml request"); + String SAMLRequest = request.getParameter("SAMLRequest"); + + HTTPInTransport profileReq = new HttpServletRequestAdapter(request); + HTTPOutTransport profileResp = new HttpServletResponseAdapter(response, request.isSecure()); + + + BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); + samlMessageContext.setInboundMessageTransport(profileReq); + + HTTPPostDecoder postDecoder = new HTTPPostDecoder(); + postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator + + try { + Logger.debug("Attempting to decode request..."); + postDecoder.decode(samlMessageContext); + } catch (Exception e) { + Logger.error("Error decoding STORKAuthnRequest", e); + } + /* + + STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage(); + //STORKAuthnRequestDEL STORK2Request = (STORKAuthnRequestDEL)samlMessageContext.getInboundSAMLMessage(); + STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL(); + STORK2Request.setSTORKAuthnRequest(ST2Req); + + Logger.debug("STORK2 Citizen code: " + ST2Req.getCitizenCountryCode()); + Logger.debug("STORK2 QAA: " + ST2Req.getQAALevel()); + Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString()); + + */ + STORKAuthnReq storkAuthnReq = new STORKAuthnReq(); + + + STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL(); + + + //extract STORK Response from HTTP Request + //Decodes SAML Response + + + byte[] decSamlToken; + try { + decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest")); + } catch(NullPointerException e) { + Logger.error("Unable to retrieve STORK Response", e); + throw new MOAIDException("stork.04", null); + } + + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); + + STORKAuthnRequest authnRequest = null; + Logger.error("decsamltoken" +decSamlToken.toString()); + + try { + authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); + } catch (STORKSAMLEngineException ex) { + Logger.error("Unable to validate storkrkauthnreqeust" + ex.getMessage() ); + } + + Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL()); + Logger.error("cc " + authnRequest.getCitizenCountryCode()); + Logger.error("iss " + authnRequest.getIssuer()); + Logger.error("spid " + authnRequest.getSPID()); + Logger.error("spi " + authnRequest.getSpInstitution()); + + + STORK2Request.setSTORKAuthnRequest(authnRequest); + + return STORK2Request; + } + + public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) { + return null; + } + + public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable { + return false; + } + + public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { + return false; + } +} + + diff --git a/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html new file mode 100644 index 000000000..f655caee0 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html @@ -0,0 +1,42 @@ +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + +<body onload="document.forms[0].submit()"> + <noscript> + <p> + <strong>Note:</strong> Since your browser does not support + JavaScript, you must press the Continue button once to proceed. + </p> + </noscript> + + + <div id="alert">Your login is being processed. Thank you for + waiting.</div> + + <style type="text/css"> +<!-- +#alert { + margin: 100px 250px; + font-family: Verdana, Arial, Helvetica, sans-serif; + font-size: 14px; + font-weight: normal; +} +--> +</style> + + <form action="${action}" method="post" target="_parent"> + <div> + #if($RelayState)<input type="hidden" name="RelayState" + value="${RelayState}" />#end #if($SAMLRequest)<input type="hidden" + name="SAMLRequest" value="${SAMLRequest}" />#end #if($SAMLResponse)<input + type="hidden" name="SAMLResponse" value="${SAMLResponse}" />#end + + </div> + <noscript> + <div> + <input type="submit" value="Continue" /> + </div> + </noscript> + </form> + +</body> +</html> |