-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java200
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java9
6 files changed, 159 insertions, 94 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 7801f9a54..2735fde68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -1,11 +1,13 @@
package at.gv.egovernment.moa.id.protocols.stork2;
+import java.io.StringWriter;
import java.util.ArrayList;
import java.util.List;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -17,10 +19,19 @@ import at.gv.egovernment.moa.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PEPSUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
/**
* the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins.
@@ -32,54 +43,56 @@ import eu.stork.peps.auth.commons.PersonalAttribute;
*
*/
public class AttributeCollector implements IAction {
-
- /** The Constant ARTIFACT_ID. */
- private static final String ARTIFACT_ID = "artifactId";
-
+
+ /**
+ * The Constant ARTIFACT_ID.
+ */
+ private static final String ARTIFACT_ID = "artifactId";
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
*/
public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
- // read configuration parameters of OA
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
- if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() });
-
- // find the attribute provider plugin that can handle the response
- IPersonalAttributeList newAttributes = null;
- for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs()))
- try {
- newAttributes = current.parse(httpReq);
- } catch (UnsupportedAttributeException e1) {
- // the current provider cannot find anything familiar within the
- // provided httpreq. Try the next one.
- }
-
- if (null == newAttributes) {
- // we do not have a provider which is capable of fetching something
- // from the received httpreq.
- // TODO should we continue with the next attribute?
- Logger.error("No attribute could be retrieved from the response the attribute provider gave us.");
- throw new MOAIDException("stork.11", null);
- }
+ // read configuration parameters of OA
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
- // - fetch the container
- String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID);
- DataContainer container;
- try {
- container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
- } catch (MOADatabaseException e) {
- Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
- throw new MOAIDException("stork.11", null);
- }
+ // find the attribute provider plugin that can handle the response
+ IPersonalAttributeList newAttributes = null;
+ for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs()))
+ try {
+ newAttributes = current.parse(httpReq);
+
+ // stop as soon as we hit a capable plugin
+ break;
+ } catch (UnsupportedAttributeException e1) {
+ // the current provider cannot find anything familiar within the
+ // provided httpreq. Try the next one.
+ }
- // - insert the embedded attribute(s) into the container
- for(PersonalAttribute current : newAttributes)
- container.getResponse().getPersonalAttributeList().add(current);
-
- // see if we need some more attributes
- return processRequest(container, httpReq, httpResp, moasession, oaParam);
+ if (null == newAttributes) {
+ // we do not have a provider which is capable of fetching something
+ // from the received httpreq.
+ Logger.error("No attribute could be retrieved from the response the attribute provider gave us.");
+ }
+
+ // - fetch the container
+ String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID);
+ DataContainer container;
+ try {
+ container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
+ } catch (MOADatabaseException e) {
+ Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
+ throw new MOAIDException("stork.11", null);
+ }
+
+ // - insert the embedded attribute(s) into the container
+ addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes);
+
+ // see if we need some more attributes
+ return processRequest(container, httpReq, httpResp, moasession, oaParam);
}
/**
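Review bot: With the `throw new MOAIDException("stork.11", null);` dropped from the `null == newAttributes` branch, a null list now flows into `addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes)` a few lines later, whose for-each over `source` will fail with a NullPointerException instead of the controlled error the old code produced. Either keep the throw after the `Logger.error`, or guard the call with `if (newAttributes != null)` so a response no provider can parse is handled deliberately rather than as an unexpected NPE. The `artifactId` read from the request attribute is also passed to `AssertionStorage` without checking that it is present, so a missing artifact id surfaces as a storage error rather than a clear message.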
@@ -92,8 +105,6 @@ public class AttributeCollector implements IAction {
*/
public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException {
// check if there are attributes we need to fetch
- this.httpResp = response;
- this.container = container;
IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
@@ -106,31 +117,42 @@ public class AttributeCollector implements IAction {
try {
// for each attribute still missing
for (PersonalAttribute currentAttribute : missingAttributes) {
- // - check if we can find a suitable AttributeProvider Plugin
+
+ /*
+ * prefill attributes with "notAvailable". If we get them later, we override the value and status.
+ * This way, there is no error case in which an attribute is left unanswered.
+ */
+ IPersonalAttributeList aquiredAttributes = new PersonalAttributeList();
+ currentAttribute.setStatus("notAvailable");
+ addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes);
+
+ // - check if we can find a suitable AttributeProvider Plugin
for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) {
try {
// - hand over control to the suitable plugin
- IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession);
-
- // - add the aquired attribute to the container
- for (PersonalAttribute current : aquiredAttributes)
- container.getResponse().getPersonalAttributeList().add(current);
+ aquiredAttributes = currentProvider.acquire(currentAttribute, moasession);
+ break;
} catch (UnsupportedAttributeException e) {
// ok, try the next attributeprovider
} catch (MOAIDException e) {
// the current plugin had an error. Try the next one.
- // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop
}
-
}
+
+ // check if we could fetch the attribute
+ if (null == aquiredAttributes) {
+ // if not
+ Logger.error("We have no suitable plugin for obtaining the attribute '" + currentAttribute.getName() + "'");
+ } else
+ // else, update any existing attributes
+ addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes);
}
// build response
- generateSTORKResponse();
+ generateSTORKResponse(container);
// set new http response
- generateRedirectResponse();
- response = httpResp;
+ generateRedirectResponse(response, container);
return "12345"; // AssertionId
@@ -145,23 +167,25 @@ public class AttributeCollector implements IAction {
AssertionStorage.getInstance().put(newArtifactId, container);
// add container-key to redirect embedded within the return URL
- e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam);
-
+ e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getSpCountry(), request, response, oaParam);
} catch (Exception e1) {
// TODO should we return the response as is to the PEPS?
- Logger.error("Error putting incomplete Stork response into temporary storage", e);
+ Logger.error("Error putting incomplete Stork response into temporary storage", e1);
throw new MOAIDException("stork.11", null);
}
return "12345"; // TODO what to do here?
}
-
-
}
-
- private void generateSTORKResponse() throws MOAIDException {
+ /**
+ * generates binary response from given response class.
+ *
+ * @param container the container
+ * @throws MOAIDException the mOAID exception
+ */
+ private void generateSTORKResponse(DataContainer container) throws MOAIDException {
STORKAuthnResponse authnResponse = container.getResponse();
STORKAuthnRequest authnRequest = container.getRequest();
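Review bot: The `catch (Exception e1)` also covers the `performRedirect` call on the line above it, which declares `MOAIDException`, so a redirect failure in a provider plugin is logged as "Error putting incomplete Stork response into temporary storage" and re-thrown as stork.11 with its original cause discarded. Narrow the try to the `AssertionStorage.getInstance().put(newArtifactId, container)` call and let the plugin's exception propagate, or at minimum catch `MOAIDException` separately and rethrow it unchanged. The enclosing try block begins outside this hunk. The new Javadoc `@throws MOAIDException the mOAID exception` only restates the type; say when it is thrown (STORK engine failure while generating the response).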
@@ -179,36 +203,31 @@ public class AttributeCollector implements IAction {
}
Logger.info("STORK SAML Response message succesfully generated ");
- String statusCodeValue = authnResponse.getStatusCode();
-
- try {
- Logger.debug("authn saml plain:" + authnResponse.getTokenSaml());
- Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works
- Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
-
- } catch (IOException e) {
- e.printStackTrace();
- }
+ Logger.debug("authn saml plain:" + authnResponse.getTokenSaml());
+ Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml()));
+ Logger.debug("authn saml encodedx: " + PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml()));
container.setResponse(authnResponse);
-
}
-
- private void generateRedirectResponse() {
+ /**
+ * writes the storkresponse to the httpresponse using the velocity engine.
+ *
+ * @param httpResp the http resp
+ * @param container the container
+ */
+ private void generateRedirectResponse(HttpServletResponse httpResp, DataContainer container) {
STORKAuthnResponse authnResponse = container.getResponse();
STORKAuthnRequest authnRequest = container.getRequest();
-
// preparing redirection for the client
-
try {
VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
VelocityContext context = new VelocityContext();
- context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
- Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+ context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml()).getBytes());
+ Logger.debug("SAMLResponse original: " + new String(authnResponse.getTokenSaml()).getBytes());
Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL());
context.put("action", authnRequest.getAssertionConsumerServiceURL());
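Review bot: `context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml()).getBytes())` stores a `byte[]` in the Velocity context, so when the template renders that variable it will print the array's identity (`[B@...`) rather than the encoded token; the code it replaces put a String, and the line should be `context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml()));`. The debug line below has the same shape problem: `"..." + new String(authnResponse.getTokenSaml()).getBytes()` concatenates an array reference and logs nothing useful. Separately, the three `Logger.debug` calls in `generateSTORKResponse` and this one write the complete SAML token to the log; since the response is presumably the assertion carrying the collected attributes, that is personal data in log files and should be reduced to a length or an identifier even at debug level. `new String(byte[])` and `getBytes()` without a charset also depend on the platform default; pass `StandardCharsets.UTF_8` (needs an import).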
@@ -222,19 +241,30 @@ public class AttributeCollector implements IAction {
Logger.debug("Sending html content: " + writer.getBuffer().toString());
Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
-
httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
} catch (Exception e) {
Logger.error("Velocity error: " + e.getMessage());
}
-
- //HttpSession httpSession = this.httpResp.getSession();
- //httpSession.setAttribute("STORKSessionID", "12345");
- //Logger.info("Status code again: " + authnResponse.getStatusCode());
-
- //return "12345"; // AssertionId
}
+
+ /**
+ * Adds or updates all {@link PersonalAttribute} objects given in {@code source} to/in {@code target}.
+ *
+ * @param target the target
+ * @param source the source
+ */
+ private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) {
+ for (PersonalAttribute current : source) {
+ // check if we need to update the current pa
+ if (target.containsKey(current.getName())) {
+ target.get(current.getName()).setStatus(current.getStatus());
+ target.get(current.getName()).setValue(current.getValue());
+ target.get(current.getName()).setComplexValue(current.getComplexValue());
+ } else
+ target.add(current);
+ }
+ }
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
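Review bot: `addOrUpdateAll` looks up `target.get(current.getName())` three times per attribute and leaves the `else` branch unbraced; hoist the lookup into `PersonalAttribute existing = target.get(current.getName());` and brace both branches. The Javadoc should state the contract the code actually implements: attributes are matched by name, and on a match status, value and complexValue of the existing entry are overwritten, while `source` must be non-null because it is iterated without a guard. The surrounding `catch (Exception e)` in `generateRedirectResponse` logs only `e.getMessage()` and then lets the caller return "12345" as if the response had been written, even when `httpResp.getOutputStream().write(...)` failed; log with the cause (`Logger.error("Velocity error", e)`) and propagate the failure rather than returning success.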
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
index 59376fef6..6fba91fde 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
@@ -34,13 +34,13 @@ public interface AttributeProvider {
* Perform redirect.
*
* @param url the return URL ending with ?artifactId=...
- * @param citizenCountyCode the citizen county code
+ * @param spCountyCode the sp county code
* @param req the request we got from the S-PEPS and for which we have to ask our APs
* @param resp the response to the preceding request
* @param oaParam the oa param
- * @throws MOAIDException
+ * @throws MOAIDException the mOAID exception
*/
- public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException;
+ public void performRedirect(String url, String spCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException;
/**
* Parses the response we got from the external attribute provider.
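Review bot: The new `@param spCountyCode the sp county code` only restates the parameter name, and the name itself is spelt `spCountyCode` in the interface while both implementations in this commit use `spCountryCode`; align the interface to `spCountryCode` and document what the value is used for, e.g. `@param spCountryCode country code of the service provider, used as the country of the outgoing attribute request`. The rest of the interface lies outside this hunk.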
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java
index 40c827ef8..a1c40526d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java
@@ -23,6 +23,9 @@ public class DataContainer implements Serializable {
/** The target. */
private String target;
+ /** The remote address. */
+ private String remoteAddress;
+
/**
* Gets the request.
*
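Review bot: `remoteAddress` is added here and its accessors in the second `DataContainer` hunk, but nothing in this commit reads or sets it, so it is dead state in a `Serializable` object that is put into `AssertionStorage`. If it is meant to record the client address the container was created for, say so in the field Javadoc (`/** Remote address of the client that started this request; set when the container is created. */`) and set it at creation; otherwise drop it until it is used.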
@@ -76,4 +79,22 @@ public class DataContainer implements Serializable {
public void setTarget(String target) {
this.target = target;
}
+
+ /**
+ * Gets the remote address.
+ *
+ * @return the remote address
+ */
+ public String getRemoteAddress() {
+ return remoteAddress;
+ }
+
+ /**
+ * Sets the remote address.
+ *
+ * @param remoteAddress the new remote address
+ */
+ public void setRemoteAddress(String remoteAddress) {
+ this.remoteAddress = remoteAddress;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
index 8b96e0d10..4404af4e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
@@ -204,7 +204,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter)
*/
@Override
- public void performRedirect(String url, String citizenCountyCode,
+ public void performRedirect(String url, String spCountyCode,
HttpServletRequest req, HttpServletResponse resp,
OAAuthParameter oaParam) throws MOAIDException {
// there is no redirect required
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java
index 29b09487b..56f31723c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java
@@ -1,12 +1,27 @@
package at.gv.egovernment.moa.id.protocols.stork2;
public class ExternalAttributeRequestRequiredException extends Exception {
+
+ /** The Constant serialVersionUID. */
+ private static final long serialVersionUID = 5207631348933518908L;
+
+ /** The ap. */
private AttributeProvider ap;
+ /**
+ * Instantiates a new external attribute request required exception.
+ *
+ * @param provider the provider
+ */
public ExternalAttributeRequestRequiredException(AttributeProvider provider) {
ap = provider;
}
+ /**
+ * Gets the ap.
+ *
+ * @return the ap
+ */
public AttributeProvider getAp() {
return ap;
}
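Review bot: The new Javadoc is tautological (`Gets the ap.` / `@param provider the provider`) and does not say what the exception means; `AttributeCollector` catches it and calls `e.getAp().performRedirect(...)`, so the accessor should read something like `@return the provider that needs the user redirected to an external attribute source before it can answer`. The exception also carries no message, so if it ever escapes as a plain `Exception` the log shows only the class name; passing a short message to `super(...)` costs nothing.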
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
index bd6f192dc..5efdfd117 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
@@ -91,13 +91,11 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String)
*/
- @Override
- public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException {
+ public void performRedirect(String url, String spCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException {
String spSector = "Business";
String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
String spApplication = spInstitution;
- String spCountry = "AT";
//generate AuthnRquest
STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest();
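Review bot: The `@Override` annotation on `performRedirect` is removed although the method still implements `AttributeProvider.performRedirect` (changed in the same commit); without it the compiler no longer verifies that the signature matches the interface, which matters here because the parameter was just renamed. Keep the annotation: `@Override` on the line before `public void performRedirect(String url, String spCountryCode, ...)`. The method body continues outside this hunk.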
@@ -106,12 +104,13 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
attributeRequest.setIssuer(HTTPUtils.getBaseURL(req));
attributeRequest.setQaa(oaParam.getQaaLevel());
attributeRequest.setSpInstitution(spInstitution);
- attributeRequest.setCountry(spCountry);
+ attributeRequest.setCountry(spCountryCode);
+ attributeRequest.setSpCountry(spCountryCode);
attributeRequest.setSpApplication(spApplication);
attributeRequest.setSpSector(spSector);
attributeRequest.setPersonalAttributeList(requestedAttributes);
- attributeRequest.setCitizenCountryCode(citizenCountryCode);
+ attributeRequest.setCitizenCountryCode("AT");
Logger.debug("STORK AttrRequest succesfully assembled.");