Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java57
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java319
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java99
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java221
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java157
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java325
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java113
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/S2Constants.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java42
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties5
13 files changed, 1325 insertions, 74 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index a35bee2f8..e83718949 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1705,11 +1705,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String destination = cpeps.getPepsURL().toExternalForm();
Logger.debug("C-PEPS URL: " + destination);
- String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+
+ String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+ String acsURL = new DataURLBuilder().buildDataURL(issuerValue,
+ PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID());
Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL);
String providerName = oaParam.getFriendlyName();
- String issuerValue = HTTPUtils.getBaseURL(req);
Logger.debug("Issuer value: " + issuerValue);
// prepare collection of required attributes
@@ -1782,6 +1784,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.debug("STORK AuthnRequest succesfully assembled.");
STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing");
+
+ if (samlEngine == null) {
+ Logger.error("Could not initalize STORK SAML engine.");
+ throw new MOAIDException("stork.00", null);
+
+ }
+
try {
authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest);
} catch (STORKSAMLEngineException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 2b5879901..b9f01ca9f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -16,9 +16,10 @@ import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.*;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import javax.servlet.http.HttpServletRequest;
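Review bot: The three explicit `eu.stork.peps.auth.commons` imports are replaced by the wildcard `import eu.stork.peps.auth.commons.*;`, which hides which PEPS types this class actually depends on and makes a later name clash (PEPSUtil, STORKAuthnResponse and the existing attribute classes all come from that package) harder to spot. Keep the explicit imports and add only the ones the new code needs, `import eu.stork.peps.auth.commons.PEPSUtil;` and `import eu.stork.peps.auth.commons.STORKAuthnResponse;`.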
@@ -54,6 +55,52 @@ public class AttributeCollector implements IAction {
throw new MOAIDException("stork.11", null);
}
+
+ // TODO extract attribute response and check if it corresponds to the container
+
+ if (httpReq.getParameter("SAMLResponse") != null) {
+ Logger.info("Got SAML response from external attribute provider.");
+
+ MOASTORKResponse STORK2Response = new MOASTORKResponse();
+
+ //extract STORK Response from HTTP Request
+ byte[] decSamlToken;
+ try {
+ decSamlToken = PEPSUtil.decodeSAMLToken(httpReq.getParameter("SAMLResponse"));
+ } catch (NullPointerException e) {
+ if (httpReq.getRemoteHost().contains("129.27.142")) {
+ Logger.warn("Availability check by " + httpReq.getRemoteHost() + " on URI: " + httpReq.getRequestURI());
+ } else {
+ Logger.error("Unable to retrieve STORK Request for host: " + httpReq.getRemoteHost() + " and URI: " + httpReq.getRequestURI(), e);
+ }
+ throw new MOAIDException("stork.04", null);
+ }
+
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+
+ STORKAuthnResponse authnResponse = null;
+
+
+ // check if valid authn request is contained
+ try {
+ authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, httpReq.getRemoteAddr());
+ } catch (STORKSAMLEngineException ex) {
+ Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage());
+ }
+
+ STORK2Response.setSTORKAuthnResponseToken(decSamlToken);
+
+ if (authnResponse.getPersonalAttributeList().size() > 0) {
+ Logger.info("Response from external attribute provider contains " + authnResponse.getPersonalAttributeList().size() + " attributes.");
+ addOrUpdateAll(container.getResponse().getPersonalAttributeList(), authnResponse.getPersonalAttributeList());
+ }
+
+ }
+
+ // end addition
+
+
// read configuration parameters of OA
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL());
if (oaParam == null)
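Review bot: The catch around `engine.validateSTORKAuthnResponse(...)` only logs the STORKSAMLEngineException and falls through, so `authnResponse` stays null and the `authnResponse.getPersonalAttributeList()` call a few lines later fails with a NullPointerException instead of a handled error; rethrow as the other validation paths in this change do, `throw new MOAIDException("stork.15", null);`. The TODO at the top of the block names a second missing check: the response's InResponseTo is never compared with the request held in `container` before `addOrUpdateAll` merges its attributes, so that comparison should be made and a mismatch rejected before anything is copied. The literal network prefix `"129.27.142"` used to decide the log level belongs in configuration rather than source, and `getRemoteHost().contains(...)` is a substring match on a name the peer side controls, so it is not a reliable classifier. `STORK2Response` receives the decoded token but is never used afterwards, so it can be removed or passed on. The enclosing method starts before this hunk.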
@@ -79,7 +126,8 @@ public class AttributeCollector implements IAction {
}
// - insert the embedded attribute(s) into the container
- addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes);
+ if (null != newAttributes)
+ addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes);
// see if we need some more attributes
SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, authData, oaParam);
@@ -161,6 +209,7 @@ public class AttributeCollector implements IAction {
new ConsentEvaluator().generateSTORKResponse(response, container);
return null; // AssertionId
+ // TODO
} catch (ExternalAttributeRequestRequiredException e) {
// the attribute request is ongoing and requires an external service.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 3ac71be3b..0312f776b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -3,26 +3,35 @@ package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.*;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
-import org.joda.time.DateTime;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.StringWriter;
+import java.net.MalformedURLException;
+import java.net.URL;
/**
@@ -44,24 +53,24 @@ public class AuthenticationRequest implements IAction {
this.authData = authData;
- if (req instanceof MOASTORKRequest) {
+ if ((req instanceof MOASTORKRequest) && ((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("AT")) {
this.moaStorkRequest = (MOASTORKRequest) req;
Logger.debug("Entering MOASTORKRequest");
httpResp.reset();
-
+
//TODO: CHECK: req.getOAURL() should return the unique OA identifier
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());
if (oaParam == null)
throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
-
+
// check if it is attribute query
if (moaStorkRequest.isAttrRequest()) {
Logger.debug("Starting AttrQueryRequest");
-
+
moaStorkResponse.setSTORKAttrResponse(new STORKAttrQueryResponse());
}
// check if we have authentication request
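Review bot: The new condition on the first changed line dereferences `getStorkAuthnRequest()` without a null check, yet the same method goes on to handle `moaStorkRequest.isAttrRequest()`, and `MOASTORKRequest.isAuthnRequest()` is defined elsewhere in this commit as `null != storkAuthnRequest`, so an attribute-query request carrying no AuthnRequest now fails with a NullPointerException before reaching that branch. `needAuthentication` later in this file does guard `getStorkAuthnRequest() != null`; the same guard is needed here, and writing the comparison as `"AT".equals(authnReq.getCitizenCountryCode())` also avoids a second NPE when the country code is absent. Whether an attribute-only request belongs in this branch or in the foreign-request branch should be decided explicitly rather than left to the exception. The enclosing method starts before this hunk and continues after it.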
@@ -69,22 +78,20 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Starting AuthenticationRequest");
moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse());
+ //STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
- STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-
- Logger.debug("Starting generation of SAML response");
- try {
- moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(),httpReq.getRemoteAddr(), false));
- } catch (STORKSAMLEngineException ex) {
- // TODO
- }
+ // Logger.debug("Starting generation of SAML response");
+ // try {
+ // moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(), httpReq.getRemoteAddr(), false));
+ // } catch (STORKSAMLEngineException ex) {
+ // Logger.error("Failed to generate STORK SAML Response", ex);
+ // throw new MOAIDException("stork.05", null); // TODO
+ // }
// Get personal attributtes from MOA/IdentityLink
moaStorkResponse.setPersonalAttributeList(populateAttributes(oaParam));
-
-
}
-
+
//moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
// Prepare extended attributes
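Review bot: The SAML-engine generation block is kept as seven commented-out lines instead of being removed, which is dead weight that version control already preserves and leaves a reader guessing whether the omission is deliberate. Delete the block, or if the generation step is intentionally deferred, replace it with one comment such as `// SAML response is generated later by AttributeCollector / generatePEPSRedirect once all attributes are collected` (hedged: that is what the new code appears to do). The enclosing method starts before this hunk and continues after it.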
@@ -101,31 +108,285 @@ public class AuthenticationRequest implements IAction {
container.setRemoteAddress(httpReq.getRemoteAddr());
+ Logger.debug("Data container prepared");
- STORKAuthnResponse arep = moaStorkResponse.getStorkAuthnResponse();
+ return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
+ }
+ // check if we are getting request for citizen of some other country
+ else if (req instanceof MOASTORKRequest) {
+ return handleMOAStorkRequest("VIDP", (MOASTORKRequest) req, httpReq.getRemoteAddr(), httpResp);
+ }
+ // Check if we got the response from PEPS
+ // If so then process it and forward to SP
+ else if ((req instanceof MOASTORKResponse)) {
+ return handleMOAStorkResponse("VIDP", (MOASTORKResponse) req, httpReq.getRemoteAddr(), httpResp);
+ } else {
+ Logger.error("Could not recognize request.");
+ throw new MOAIDException("stork.15", null);
+ }
+ }
- arep.setCountry("XX");
- arep.setInResponseTo("xxxx");
- arep.setMessage("xxxx");
- arep.setSamlId("xxxx");
- arep.setStatusCode("xxxx");
+ /*
+ Handles STORKAuthnRequeste received for citizens of other countries
+ */
+ private SLOInformationInterface handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
- // arep.setNotBefore(new DateTime().withTimeAtStartOfDay());
- // arep.setNotOnOrAfter(new DateTime().withTimeAtStartOfDay());
+ STORKAuthnRequest spAuthnRequest = moastorkRequest.getStorkAuthnRequest();
+ STORKAuthnRequest storkAuthnRequest = null;
+ String citizenCountryCode = spAuthnRequest.getCitizenCountryCode();
+ Logger.info("Got authentication request for citizen of " + citizenCountryCode);
- Logger.debug("Data container prepared");
+ try {
+ storkAuthnRequest = (STORKAuthnRequest) spAuthnRequest.clone();
+ } catch (CloneNotSupportedException e) {
+ Logger.error("Could not clone AuthnRequest ", e);
+ throw new MOAIDException("stork.05", null); // TODO
+ }
//TODO: in case of Single LogOut -> SLO information has to be stored
- return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
- } else {
- Logger.error("Could not recognize request.");
- throw new MOAIDException("stork.15", null);
+ // check if citizen country is configured in the system
+ if (!(AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode))) {
+ Logger.error("Citizen country PEPS not configured in MOA instance: " + citizenCountryCode);
+ throw new MOAIDException("stork.05", null); // TODO
+ }
+
+ // extracting basic settings and adjusting assertion consumer
+ String issuer = null;
+ String assertionConsumerURL = null;
+ String publicURLPrefix = null;
+ String destinationURL = null;
+
+ try {
+ issuer = new URL(AuthConfigurationProvider.getInstance().getPublicURLPrefix()).toString();
+ destinationURL = AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString();
+ publicURLPrefix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+ assertionConsumerURL = publicURLPrefix + "/stork2/SendPEPSAuthnRequest";
+ } catch (MalformedURLException ex) {
+ Logger.error("Wrong PublicURLPrefix setting of MOA instance: " + AuthConfigurationProvider.getInstance().getPublicURLPrefix(), ex);
+ throw new MOAIDException("stork.05", null); // TODO
+ } catch (Exception ex) {
+ Logger.error("Problem with PEPS configuration of MOA instance.", ex);
+ throw new MOAIDException("stork.05", null); // TODO
+ }
+
+
+ // drop if we do not have publicprefix url configured on the instance
+ if (publicURLPrefix == null)
+ throw new AuthenticationException("stork.12", new String[]{"PublicURLPrefix"});
+
+ // adjusting request
+ storkAuthnRequest.setEIDCrossBorderShare(spAuthnRequest.isEIDCrossBorderShare());
+ storkAuthnRequest.setEIDSectorShare(spAuthnRequest.isEIDSectorShare());
+ storkAuthnRequest.setEIDCrossSectorShare(spAuthnRequest.isEIDCrossSectorShare());
+ storkAuthnRequest.setCitizenCountryCode(spAuthnRequest.getCitizenCountryCode());
+ storkAuthnRequest.setIssuer(issuer);
+ storkAuthnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
+ storkAuthnRequest.setDestination(destinationURL);
+
+ // regenerate request
+ try {
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+ Logger.debug("Starting generation of SAML request");
+ storkAuthnRequest = engine.generateSTORKAuthnRequest(storkAuthnRequest);
+
+ //generateSAML Token
+ Logger.info("SAML response succesfully generated!");
+ } catch (STORKSAMLEngineException e) {
+ Logger.error("Failed to generate STORK SAML Response", e);
+ throw new MOAIDException("stork.05", null);
+ }
+
+ // store original request from SP in order to be able to extract it in later iteration/response
+ DataContainer spRequestContainer = new DataContainer();
+ spRequestContainer.setRequest(moastorkRequest);
+
+ try {
+ AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), spRequestContainer);
+ Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request with id " + spAuthnRequest.getSamlId());
+ } catch (MOADatabaseException e) {
+ e.printStackTrace();
+ }
+
+ // preparing redirection for the client
+ performRedirection("SAMLRequest", destinationURL, storkAuthnRequest.getTokenSaml(), httpResp);
+
+ SLOInformationImpl sloInfo = new SLOInformationImpl();
+ sloInfo.setProtocolType(moastorkRequest.requestedModule());
+ return sloInfo;
+ }
+
+ /*
+ Handles STORKAuthnResponse received from PEPS (return to SP)
+ */
+ private SLOInformationInterface handleMOAStorkResponse(String instanceName, MOASTORKResponse moastorkResponse, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
+
+ STORKAuthnResponse authnResponse = null;
+
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance(instanceName);
+
+ try {
+ authnResponse = engine.validateSTORKAuthnResponse(moastorkResponse.getSTORKAuthnResponseToken(), remoteAddr);
+ } catch (STORKSAMLEngineException ex) {
+ Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage());
+ throw new MOAIDException("stork.15", null); // TODO
+ }
+
+ Logger.debug("Requesting artifactId " + authnResponse.getInResponseTo() + " from store.");
+
+ DataContainer dataContainer = null;
+ try {
+ dataContainer = AssertionStorage.getInstance().get(authnResponse.getInResponseTo(), DataContainer.class);
+ } catch (MOADatabaseException e) {
+ Logger.error("Unable to retrieve datacontainer with reference authentication request. Database exception.");
+ throw new MOAIDException("stork.15", null); // TODO
+ }
+
+ // setting new reference request and return url
+ authnResponse.setInResponseTo(dataContainer.getRequest().getStorkAuthnRequest().getSamlId());
+ authnResponse.setAudienceRestriction(dataContainer.getRequest().getAssertionConsumerServiceURL());
+ //AudienceRestrictionBuilder audienceRestrictionBuilder = new AudienceRestrictionBuilder();
+ //AudienceRestriction audienceRestriction = audienceRestrictionBuilder.buildObject(dataContainer.getRequest().getAssertionConsumerServiceURL(), "localname", "nameprefix");
+
+ //authnResponse.getAssertions().get(0).getConditions().getAudienceRestrictions().add(audienceRestriction);
+
+ Logger.debug("Starting generation of SAML response");
+ try {
+ authnResponse = engine.generateSTORKAuthnResponse(dataContainer.getRequest().getStorkAuthnRequest(), authnResponse, remoteAddr, false);
+ } catch (STORKSAMLEngineException e) {
+ Logger.error("Failed to generate STORK SAML Response", e);
+ throw new MOAIDException("stork.05", null); // TODO check
+ }
+
+ Logger.info("SAML response succesfully generated.");
+
+ // preparing redirection for the client
+ performRedirection("SAMLResponse", dataContainer.getRequest().getAssertionConsumerServiceURL(), authnResponse.getTokenSaml(), httpResp);
+
+ return null;
+ }
+
+ /*
+ Perform redirection of the client based on post binding
+ */
+ private void performRedirection(String actionType, String assertionConsumerURL, byte[] tokenSaml, HttpServletResponse httpResp) throws MOAIDException {
+ Logger.info("Performing redirection, using action type: " + actionType);
+
+ try {
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+ VelocityContext context = new VelocityContext();
+
+ context.put(actionType, PEPSUtil.encodeSAMLToken(tokenSaml));
+ Logger.debug("Encoded " + actionType + " original: " + new String(tokenSaml));
+
+ Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL);
+ context.put("action", assertionConsumerURL);
+
+ Logger.debug("Starting template merge");
+ StringWriter writer = new StringWriter();
+
+ Logger.debug("Doing template merge");
+ template.merge(context, writer);
+ Logger.debug("Template merge done");
+
+ Logger.debug("Sending html content: " + writer.getBuffer().toString());
+ Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
+
+ httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+
+ } catch (IOException e) {
+ Logger.error("Velocity IO error: " + e.getMessage());
+ throw new MOAIDException("stork.15", null); // TODO
+ } catch (Exception e) {
+ Logger.error("Velocity general error: " + e.getMessage());
+ throw new MOAIDException("stork.15", null); // TODO
+ }
+
+ }
+
+ public void generatePEPSRedirect(HttpServletResponse httpResp, DataContainer container) throws MOAIDException {
+ MOASTORKRequest request = container.getRequest();
+ MOASTORKResponse response = container.getResponse();
+
+ Logger.info("generating stork response...");
+
+ try {
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+ Logger.debug("Starting generation of SAML response");
+ if (response.isAuthnResponse())
+ response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false));
+ else
+ response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false));
+
+
+ //generateSAML Token
+ Logger.info("SAML response succesfully generated!");
+ } catch (STORKSAMLEngineException e) {
+ Logger.error("Failed to generate STORK SAML Response", e);
+ throw new MOAIDException("stork.05", null);
+ }
+
+ // preparing redirection for the client
+ try {
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+ VelocityContext context = new VelocityContext();
+
+ byte[] blob;
+ if (request.isAttrRequest())
+ blob = response.getStorkAttrQueryResponse().getTokenSaml();
+ else
+ blob = response.getStorkAuthnResponse().getTokenSaml();
+
+ context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob));
+ Logger.debug("SAMLResponse original: " + new String(blob));
+
+ Logger.debug("Putting assertion consumer url as action: " + request.getAssertionConsumerServiceURL());
+ context.put("action", request.getAssertionConsumerServiceURL());
+ Logger.debug("Starting template merge");
+ StringWriter writer = new StringWriter();
+
+ Logger.debug("Doing template merge");
+ template.merge(context, writer);
+ Logger.debug("Template merge done");
+
+ Logger.debug("Sending html content: " + writer.getBuffer().toString());
+ Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
+
+ httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+
+ } catch (Exception e) {
+ Logger.error("Velocity error: " + e.getMessage());
}
}
+
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+
+ // authentication is not needed if we have authentication request from SP for citizen of configured PEPS country
+ if (req instanceof MOASTORKRequest) {
+ MOASTORKRequest moastorkRequest = (MOASTORKRequest) req;
+ if (moastorkRequest.getStorkAuthnRequest() != null) {
+ String citizenCountryCode = moastorkRequest.getStorkAuthnRequest().getCitizenCountryCode();
+ // check if citizen country is configured in the system
+ try {
+ if (AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode)) {
+ return false;
+ }
+ } catch (MOAIDException e) {
+ Logger.error("Could not initialize AuthConfigurationProvider");
+ }
+ }
+ // authentication is not required if received authentication response
+ } else if (req instanceof MOASTORKResponse) {
+ return false;
+ }
+
return true;
}
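Review bot: In `handleMOAStorkRequest` the `MOADatabaseException` from `AssertionStorage.getInstance().put(...)` is only reported with `e.printStackTrace()` and the method still redirects the citizen to the C-PEPS, so when the store fails the later `handleMOAStorkResponse` cannot resolve `authnResponse.getInResponseTo()` and the flow breaks far from the cause; replace the two lines with `Logger.error("Could not store SP request " + spAuthnRequest.getSamlId(), e); throw new MOAIDException("stork.05", null);`. `handleMOAStorkResponse` takes the assertion consumer URL for the final redirect straight from the stored SP request, and nothing in this hunk checks that it belongs to a configured online application (the "AT" branch does look up `getOnlineApplicationParameter`); unless that validation happens before `processRequest`, the URL should be checked against configuration before the POST form is emitted to it. `performRedirection` and `generatePEPSRedirect` both log the full decoded SAML token (`new String(tokenSaml)` / `new String(blob)`) and the complete rendered HTML twice at debug level, which writes the citizen's attributes into log files; log the SAML id or token length instead, and use an explicit charset with `httpResp.setContentType("text/html;charset=UTF-8")` rather than platform-default `getBytes()`. Finally, `generatePEPSRedirect`'s `catch (Exception e)` logs and returns normally, so a failed template merge yields an empty 200 response, whereas `performRedirection` raises `MOAIDException` for the same failure.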
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java
new file mode 100644
index 000000000..4bea124cb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java
@@ -0,0 +1,99 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+import javanet.staxutils.SimpleNamespaceContext;
+import org.xml.sax.InputSource;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
+import java.io.StringReader;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.HashMap;
+
+/**
+ * Physical person representing corporate body
+ *
+ * @author bsuzic
+ * Date: 4/29/14, Time: 3:40 PM
+ */
+public class CorporateBodyMandateContainer extends MandateContainer {
+
+ protected String corpMandatorIdentificationValue = null;
+ protected String corpMandatorIdentificationType = null;
+ protected String corpMandatorFullName = null;
+
+
+ String localMethods[] = new String[]{"getCorpMandatorIdentificationValue", "getCorpMandatorIdentificationType", "getCorpMandatorFullName",
+ "getMandateIssuePlace", "getMandateIssueDate", "getMandateIssueTime", "getSimpleMandateContent", "getMandateValidFrom",
+ "getMandateValidTo", "getPhysicalRepresentativeIdentificationValue", "getPhysicalRepresentativeIdentificationType", "getAnnotation",
+ "getPhysicalRepresentativeGivenName", "getPhysicalRepresentativeFamilyName", "getPhysicalRepresentativeBirthDate"
+ };
+
+ public CorporateBodyMandateContainer(String mandate) throws XPathExpressionException, MOAIDException {
+ super(mandate);
+ Logger.debug("Initializing corporate body mandate container.");
+
+ setAnnotation(xPath.evaluate(S2Constants.MANDATE_ANNOTATION_QUERY, new InputSource(new StringReader(mandate))));
+ setCorpMandatorFullName(xPath.evaluate(S2Constants.MANDATE_MANDATOR_CORPBODY_FULLNAME_QUERY, new InputSource(new StringReader(mandate))));
+ setCorpMandatorIdentificationType(xPath.evaluate(S2Constants.MANDATE_MANDATOR_CORPBODY_IDTYPE_QUERY, new InputSource(new StringReader(mandate))));
+ setCorpMandatorIdentificationValue(xPath.evaluate(S2Constants.MANDATE_MANDATOR_CORPBODY_IDVALUE_QUERY, new InputSource(new StringReader(mandate))));
+ setMandateIssueDate(xPath.evaluate(S2Constants.MANDATE_ISSUEDDATE_QUERY, new InputSource(new StringReader(mandate))));
+ setMandateIssuePlace(xPath.evaluate(S2Constants.MANDATE_ISSUEDPLACE_QUERY, new InputSource(new StringReader(mandate))));
+ setMandateIssueTime(xPath.evaluate(S2Constants.MANDATE_ISSUEDTIME_QUERY, new InputSource(new StringReader(mandate))));
+ setMandateValidFrom(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_VALIDFROM_QUERY, new InputSource(new StringReader(mandate))));
+ setMandateValidTo(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_VALIDTO_QUERY, new InputSource(new StringReader(mandate))));
+ setPhysicalRepresentativeBirthDate(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_DATEOFBIRTH_QUERY, new InputSource(new StringReader(mandate))));
+ setPhysicalRepresentativeFamilyName(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_FAMILYNAME_QUERY, new InputSource(new StringReader(mandate))));
+ setPhysicalRepresentativeGivenName(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_GIVENNAME_QUERY, new InputSource(new StringReader(mandate))));
+ setPhysicalRepresentativeIdentificationType(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_IDTYPE_QUERY, new InputSource(new StringReader(mandate))));
+ setPhysicalRepresentativeIdentificationValue(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_IDVALUE_QUERY, new InputSource(new StringReader(mandate))));
+ setSimpleMandateContent(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_TXTDESC_QUERY, new InputSource(new StringReader(mandate))));
+
+ // check if all necessary fields are present
+ Logger.debug("Starting mandate structure validation");
+ try {
+ validateMandateStructure(localMethods); // TODO
+ } catch (Exception e) {
+
+ if (e instanceof MOAIDException) {
+ Logger.error("Could not validate mandate structure.");
+ throw new MOAIDException("stork.16", new Object[] {e.getMessage()}); // TODO
+ } else {
+ Logger.error("Error during mandate structure validation.");
+ throw new MOAIDException("stork.16", new Object[] {e.getMessage()}); // TODO
+ }
+
+ }
+
+ }
+
+ public String getCorpMandatorIdentificationValue() {
+ return corpMandatorIdentificationValue;
+ }
+
+ public void setCorpMandatorIdentificationValue(String corpMandatorIdentificationValue) {
+ this.corpMandatorIdentificationValue = corpMandatorIdentificationValue;
+ }
+
+ public String getCorpMandatorIdentificationType() {
+ return corpMandatorIdentificationType;
+ }
+
+ public void setCorpMandatorIdentificationType(String corpMandatorIdentificationType) {
+ this.corpMandatorIdentificationType = corpMandatorIdentificationType;
+ }
+
+ public String getCorpMandatorFullName() {
+ return corpMandatorFullName;
+ }
+
+ public void setCorpMandatorFullName(String corpMandatorFullName) {
+ this.corpMandatorFullName = corpMandatorFullName;
+ }
+
+
+
+}
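Review bot: The constructor evaluates fifteen XPath expressions each against a fresh `new InputSource(new StringReader(mandate))`, so the mandate document is parsed fifteen times, and as far as is visible each `XPath.evaluate(String, InputSource)` call uses the default JAXP parser, which has DTD processing and external entity resolution enabled; for a document supplied by a remote party it should be parsed once through a `DocumentBuilderFactory` with doctype declarations and external entities disabled, and every query then evaluated against the resulting `Document` (sketch below). The `catch (Exception e)` around `validateMandateStructure` has two identical branches that both wrap only `e.getMessage()` and drop the cause; a single `Logger.error("Could not validate mandate structure.", e); throw new MOAIDException("stork.16", new Object[] {e.getMessage()});` would do. The `xPath` instance and the origin of `mandate` are defined in `MandateContainer`, which is not in this chunk, so the factory settings should be aligned with whatever that class already configures.
```java
public CorporateBodyMandateContainer(String mandate) throws XPathExpressionException, MOAIDException {
    super(mandate);
    Logger.debug("Initializing corporate body mandate container.");

    // Parse once with DTDs and external entities disabled, then evaluate every
    // query against the same Document instead of re-parsing the string per field.
    Document doc;
    try {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(mandate)));
    } catch (Exception e) {
        Logger.error("Could not parse mandate document.", e);
        throw new MOAIDException("stork.16", new Object[] {e.getMessage()});
    }

    setAnnotation(xPath.evaluate(S2Constants.MANDATE_ANNOTATION_QUERY, doc));
    setCorpMandatorFullName(xPath.evaluate(S2Constants.MANDATE_MANDATOR_CORPBODY_FULLNAME_QUERY, doc));
    // … unchanged: remaining setXxx(xPath.evaluate(S2Constants.…_QUERY, doc)) calls …

    Logger.debug("Starting mandate structure validation");
    try {
        validateMandateStructure(localMethods);
    } catch (Exception e) {
        Logger.error("Could not validate mandate structure.", e);
        throw new MOAIDException("stork.16", new Object[] {e.getMessage()});
    }
}
```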
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index 9508919b0..d7927a917 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -10,6 +10,7 @@ import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
/**
* Implements MOA request and stores StorkAuthn/Attr-Request related data.
@@ -30,6 +31,7 @@ public class MOASTORKRequest extends RequestImpl {
/** The stork attr query request. */
private STORKAttrQueryRequest storkAttrQueryRequest;
+
/**
* Sets the sTORK authn request.
*
@@ -66,7 +68,6 @@ public class MOASTORKRequest extends RequestImpl {
return null != storkAuthnRequest;
}
-
/**
* Gets the stork authn request.
*
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
index 4e0f57779..2cd0e1d57 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
@@ -1,28 +1,128 @@
package at.gv.egovernment.moa.id.protocols.stork2;
-import java.io.Serializable;
-
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import java.io.Serializable;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
/**
* Implements MOA request and stores StorkAuthn/Attr-Request related data.
*
* @author bsuzic
*/
-public class MOASTORKResponse implements Serializable {
-
- /** The Constant serialVersionUID. */
- private static final long serialVersionUID = -5798803155055518747L;
-
- /** The stork authn request. */
- private STORKAuthnResponse storkAuthnResponse;
-
- /** The stork attr query request. */
+public class MOASTORKResponse extends RequestImpl {
+
+ /**
+ * The Constant serialVersionUID.
+ */
+ private static final long serialVersionUID = -5798803155055518747L;
+
+ /**
+ * The stork authn request.
+ */
+ private STORKAuthnResponse storkAuthnResponse;
+
+ /**
+ * The stork attr query request.
+ */
private STORKAttrQueryResponse storkAttrQueryResponse;
-
+
+ /**
+ * The action.
+ */
+ String action = null;
+
+ /**
+ * The token
+ */
+ private byte[] storkAuthnResponseToken = null;
+
+ /**
+ * The request id.
+ */
+ private String requestID;
+
+
+ /**
+ * The module.
+ */
+ String module = null;
+
+ /**
+ * The target.
+ */
+ private String target = null;
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule()
+ */
+ public String requestedModule() {
+ return this.module;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction()
+ */
+ public String requestedAction() {
+ return action;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestID()
+ */
+ public String getRequestID() {
+ return this.requestID;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#getTarget()
+ */
+ public String getTarget() {
+ return this.target;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#isSSOSupported()
+ */
+ public boolean isSSOSupported() {
+ return false;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#forceAuth()
+ */
+ public boolean forceAuth() {
+ return false;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#setModule(java.lang.String)
+ */
+ public void setModule(String module) {
+ this.module = module;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#setRequestID(java.lang.String)
+ */
+ public void setRequestID(String id) {
+ this.requestID = id;
+ }
+
/**
* Sets the sTORK authn response.
*
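Review bot: `action` (L698) and `module` (L714) are declared package-private while `requestID` and `target` are `private`; both already have public setters (`setAction`, `setModule`), so there is no reason to leave them writable from the package — make them `private String action = null;` and `private String module = null;`. `target` has no setter in any visible hunk of this class, so `getTarget()` (L748) returns null unless `RequestImpl` or some other code assigns the field — worth confirming, since callers that select configuration by target would silently get null. The class now extends `RequestImpl` and gained several fields, yet `serialVersionUID` (L682) is carried over unchanged from the old plain-`Serializable` version; if instances are ever persisted across versions that silently changes the stream layout, so either regenerate the UID or remove it if the class is no longer serialized. The field Javadoc at L685 still reads "The stork authn request" for what is a response, and the class Javadoc at L664 says "Implements MOA request".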
@@ -33,6 +133,23 @@ public class MOASTORKResponse implements Serializable {
}
/**
+ * Sets the sTORK authn response token
+ *
+ * @param request the new sTORK authn response token
+ */
+ public void setSTORKAuthnResponseToken(byte[] token) {
+ this.storkAuthnResponseToken = token;
+ }
+
+ /**
+ * Gets the sTORK authn response token .
+ *
+ * @param request the new sTORK authn response
+ */
+ public byte[] getSTORKAuthnResponseToken() {
+ return this.storkAuthnResponseToken;
+ }
+ /**
* Sets the sTORK attr response.
*
* @param request the new sTORK attr response
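Review bot: `getSTORKAuthnResponseToken()` (L802) hands out the internal `byte[]`, so any caller can modify the stored token in place; if the token must stay stable once set, return `this.storkAuthnResponseToken == null ? null : this.storkAuthnResponseToken.clone();` and clone in the setter as well. The Javadoc on both new methods is copy-pasted from the response setter: the setter documents `@param request` although the parameter is named `token`, and the getter carries a `@param` where a `@return` belongs — change them to `@param token the raw STORK authn response token` and `@return the raw STORK authn response token, or null if none was set`.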
@@ -77,17 +194,17 @@ public class MOASTORKResponse implements Serializable {
public STORKAttrQueryResponse getStorkAttrQueryResponse() {
return this.storkAttrQueryResponse;
}
-
+
/**
* Gets the personal attribute list.
*
* @return the personal attribute list
*/
public IPersonalAttributeList getPersonalAttributeList() {
- if(isAttrResponse())
- return this.storkAttrQueryResponse.getPersonalAttributeList();
- else
- return this.storkAuthnResponse.getPersonalAttributeList();
+ if (isAttrResponse())
+ return this.storkAttrQueryResponse.getPersonalAttributeList();
+ else
+ return this.storkAuthnResponse.getPersonalAttributeList();
}
/**
@@ -96,22 +213,62 @@ public class MOASTORKResponse implements Serializable {
* @param populateAttributes the new personal attribute list
*/
public void setPersonalAttributeList(PersonalAttributeList populateAttributes) {
- if(isAttrResponse())
- this.storkAttrQueryResponse.setPersonalAttributeList(populateAttributes);
- else
- this.storkAuthnResponse.setPersonalAttributeList(populateAttributes);
- }
-
- /**
- * Sets the country.
- *
- * @param spCountry the new country
+ if (isAttrResponse())
+ this.storkAttrQueryResponse.setPersonalAttributeList(populateAttributes);
+ else
+ this.storkAuthnResponse.setPersonalAttributeList(populateAttributes);
+ }
+
+ /**
+ * Sets the country.
+ *
+ * @param spCountry the new country
+ */
+ public void setCountry(String spCountry) {
+ if (isAttrResponse())
+ this.storkAttrQueryResponse.setCountry(spCountry);
+ else
+ this.storkAuthnResponse.setCountry(spCountry);
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#getOAURL()
+ */
+ public String getOAURL() {
+ if (isAuthnResponse())
+ return storkAuthnResponse.getAudienceRestriction();
+ else if (isAttrResponse())
+ return storkAttrQueryResponse.getAudienceRestriction();
+ else {
+ Logger.error("There is no authentication or attribute request contained in MOASTORKRequest.");
+ return null;
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#isPassiv()
+ */
+ public boolean isPassiv() {
+ return false;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#setAction(java.lang.String)
+ */
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
- public void setCountry(String spCountry) {
- if(isAttrResponse())
- this.storkAttrQueryResponse.setCountry(spCountry);
- else
- this.storkAuthnResponse.setCountry(spCountry);
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+ // TODO Auto-generated method stub
+ return null;
}
+
}
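Review bot: `getRequestedAttributes()` (L902) returns `null` behind a TODO, and a `List`-returning accessor that yields null forces a null check onto every caller; return `java.util.Collections.<Attribute>emptyList()` until the real implementation exists. The error text in `getOAURL()` (L873) names the wrong class — it should be `Logger.error("There is no authentication or attribute response contained in MOASTORKResponse.");`. Note also that `getOAURL()` reads the audience restriction of a response object the server builds itself (see `new STORKAttrQueryResponse()` in `MandateRetrievalRequest`), so unless `setAudienceRestriction` is called before this object is used as an `IRequest`, lookups such as `getOnlineApplicationParameter(req.getOAURL())` would receive null; a guard or a comment stating who is responsible for setting it would help.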
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
index eda712467..8616b0430 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
@@ -59,6 +59,9 @@ public class MandateAttributeRequestProvider implements AttributeProvider {
}
PersonalAttributeList result = new PersonalAttributeList();
//return result;
+
+
+
Logger.info("Thrown external request by: " + getAttrProviderName());
throw new ExternalAttributeRequestRequiredException(this);
}
@@ -69,7 +72,7 @@ public class MandateAttributeRequestProvider implements AttributeProvider {
String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
String spApplication = spInstitution;
- //generate AuthnRquest
+ //generate AttrQueryRequest
STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest();
attributeRequest.setDestination(destination);
attributeRequest.setAssertionConsumerServiceURL(url);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java
new file mode 100644
index 000000000..542776f52
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java
@@ -0,0 +1,157 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+import javanet.staxutils.SimpleNamespaceContext;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.HashMap;
+
+/**
+ * @author bsuzic
+ * Date: 5/5/14, Time: 2:35 PM
+ */
+public abstract class MandateContainer {
+ protected String mandateIssuePlace = null;
+ protected String mandateIssueDate = null;
+ protected String mandateIssueTime = null;
+ protected String simpleMandateContent = null;
+ protected String mandateValidFrom = null;
+ protected String mandateValidTo = null;
+ protected String annotation = null;
+ protected String physicalRepresentativeIdentificationValue = null;
+ protected String physicalRepresentativeIdentificationType = null;
+ protected String physicalRepresentativeGivenName = null;
+ protected String physicalRepresentativeFamilyName = null;
+ protected String physicalRepresentativeBirthDate = null;
+ protected XPath xPath = null;
+
+
+ public MandateContainer(String mandate) throws XPathExpressionException, MOAIDException {
+ xPath = XPathFactory.newInstance().newXPath();
+ HashMap<String, String> prefMap = new HashMap<String, String>() {{
+ put(S2Constants.MANDATE_PREFIX, S2Constants.MANDATE_NS);
+ put(S2Constants.PERSONDATA_PREFIX, S2Constants.PERSONDATA_NS);
+ put(S2Constants.XMLDSIG_PREFIX, S2Constants.XMLDSIG_NS);
+ }};
+
+ SimpleNamespaceContext namespace = new SimpleNamespaceContext(prefMap);
+ xPath.setNamespaceContext(namespace);
+ }
+
+
+ public void validateMandateStructure(String localMethods[]) throws NoSuchMethodException, InvocationTargetException, IllegalAccessException, MOAIDException {
+ for (String localMethod : localMethods) {
+ Method method = this.getClass().getMethod(localMethod);
+ Object x = method.invoke(this);
+ if ((x == null) || x.toString().length() == 0) {
+ throw new MOAIDException("stork.16", new Object[] {localMethod}); // TODO
+ }
+ }
+ Logger.debug("Mandate structure validated");
+ }
+
+
+ public String getMandateIssuePlace() {
+ return mandateIssuePlace;
+ }
+
+ public void setMandateIssuePlace(String mandateIssuePlace) {
+ this.mandateIssuePlace = mandateIssuePlace;
+ }
+
+ public String getMandateIssueDate() {
+ return mandateIssueDate;
+ }
+
+ public void setMandateIssueDate(String mandateIssueDate) {
+ this.mandateIssueDate = mandateIssueDate;
+ }
+
+ public String getMandateIssueTime() {
+ return mandateIssueTime;
+ }
+
+ public void setMandateIssueTime(String mandateIssueTime) {
+ this.mandateIssueTime = mandateIssueTime;
+ }
+
+ public String getSimpleMandateContent() {
+ return simpleMandateContent;
+ }
+
+ public void setSimpleMandateContent(String simpleMandateContent) {
+ this.simpleMandateContent = simpleMandateContent;
+ }
+
+ public String getMandateValidFrom() {
+ return mandateValidFrom;
+ }
+
+ public void setMandateValidFrom(String mandateValidFrom) {
+ this.mandateValidFrom = mandateValidFrom;
+ }
+
+ public String getMandateValidTo() {
+ return mandateValidTo;
+ }
+
+ public void setMandateValidTo(String mandateValidTo) {
+ this.mandateValidTo = mandateValidTo;
+ }
+
+ public String getPhysicalRepresentativeIdentificationValue() {
+ return physicalRepresentativeIdentificationValue;
+ }
+
+ public void setPhysicalRepresentativeIdentificationValue(String physicalRepresentativeIdentificationValue) {
+ this.physicalRepresentativeIdentificationValue = physicalRepresentativeIdentificationValue;
+ }
+
+ public String getPhysicalRepresentativeIdentificationType() {
+ return physicalRepresentativeIdentificationType;
+ }
+
+ public void setPhysicalRepresentativeIdentificationType(String physicalRepresentativeIdentificationType) {
+ this.physicalRepresentativeIdentificationType = physicalRepresentativeIdentificationType;
+ }
+
+ public String getPhysicalRepresentativeGivenName() {
+ return physicalRepresentativeGivenName;
+ }
+
+ public void setPhysicalRepresentativeGivenName(String physicalRepresentativeGivenName) {
+ this.physicalRepresentativeGivenName = physicalRepresentativeGivenName;
+ }
+
+ public String getPhysicalRepresentativeFamilyName() {
+ return physicalRepresentativeFamilyName;
+ }
+
+ public void setPhysicalRepresentativeFamilyName(String physicalRepresentativeFamilyName) {
+ this.physicalRepresentativeFamilyName = physicalRepresentativeFamilyName;
+ }
+
+ public String getPhysicalRepresentativeBirthDate() {
+ return physicalRepresentativeBirthDate;
+ }
+
+ public void setPhysicalRepresentativeBirthDate(String physicalRepresentativeBirthDate) {
+ this.physicalRepresentativeBirthDate = physicalRepresentativeBirthDate;
+ }
+
+ public String getAnnotation() {
+ return annotation;
+ }
+
+ public void setAnnotation(String annotation) {
+ this.annotation = annotation;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
index a3b3263d6..a4257c387 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
@@ -1,25 +1,348 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
+import eu.stork.peps.complex.attributes.*;
+import org.apache.xerces.impl.dv.DatatypeException;
+import org.w3c.dom.Node;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Marshaller;
+import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.datatype.DatatypeFactory;
+import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.namespace.QName;
+import java.io.StringWriter;
+import java.math.BigInteger;
+import java.util.ArrayList;
/**
*
*/
public class MandateRetrievalRequest implements IAction {
+
+ private IAuthData authData;
+ private MOASTORKRequest moaStorkRequest;
+
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
- Logger.info("Entering mandateretrievalrequest");
+ Logger.debug("Entering AttributeRequest for MandateProvider");
+ httpResp.reset();
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());
+ if (oaParam == null)
+ throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
+
+ MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
+ STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse();
+
+ this.authData = authData;
+
+ if ((req instanceof MOASTORKRequest)) {
+ this.moaStorkRequest = (MOASTORKRequest) req;
+
+ } else {
+ return null; // TODO
+ }
+
+
+ if (moaStorkRequest.isAttrRequest() && moaStorkRequest.getStorkAttrQueryRequest() != null) {
+ MandateContainer mandateContainer = null;
+
+ try {
+ mandateContainer = new CorporateBodyMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8"));
+ } catch (Exception ex) {
+ try {
+ mandateContainer = new PhyPersonMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8"));
+ } catch (Exception ex2) {
+ Logger.error("Could not extract data and create mandate container.");
+ throw new MOAIDException("stork.16", new Object[] {}); // TODO
+ }
+ }
+
+ if (mandateContainer instanceof CorporateBodyMandateContainer) {
+
+ } else if (mandateContainer instanceof PhyPersonMandateContainer) {
+
+ }
+
+
+
+
+
+
+// moaStorkResponse.setPersonalAttributeList(populateAttributes());
+
+ //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
+
+ IPersonalAttributeList sourceAttributeList = moaStorkRequest.getStorkAttrQueryRequest().getPersonalAttributeList();
+
+ IPersonalAttributeList attributeList = new PersonalAttributeList();
+
+ for (PersonalAttribute currentAttribute : sourceAttributeList) {
+ Logger.debug("Evaluating currentattribute " + currentAttribute.getName());
+ if (currentAttribute.getName().equals("mandateContent")) {
+ MandateContentType mandateContent = getMandateContent(mandateContainer, currentAttribute);
+ attributeList.add(marshallComplexAttribute(currentAttribute, mandateContent));
+
+ // final Marshaller marshaller = JAXBContext.newInstance(MandateContentType.class).createMarshaller();
+ // marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
+
+ // StringWriter stringWriter = new StringWriter();
+
+ // marshaller.marshal(new JAXBElement<MandateContentType>(new QName("urn:eu:stork:names:tc:STORK:1.0:assertion", "mandateContent"), MandateContentType.class, null, mandateContent), stringWriter);
+
+ // ArrayList<String> value = new ArrayList<String>();
+ // value.add(stringWriter.toString());
+
+ // PersonalAttribute mandateContentAttribute = new PersonalAttribute("mandateContent", false, value, "Available");
+
+ // attributeList.add(mandateContentAttribute);
+ } else
+ if (currentAttribute.getName().equals("representative")) { // TODO CHECK
+ RepresentationPersonType representative = getRepresentative(mandateContainer, currentAttribute);
+ attributeList.add(marshallComplexAttribute(currentAttribute, representative));
+
+ //attributeList.add(getRepresentative(mandateContainer, currentAttribute));
+ } else
+ if (currentAttribute.getName().equals("represented")) {
+ //attributeList.add(getRepresented(mandateContainer, currentAttribute));
+ RepresentationPersonType represented = getRepresented(mandateContainer, currentAttribute);
+ attributeList.add(marshallComplexAttribute(currentAttribute, represented));
+
+ } else
+ if (currentAttribute.getName().equals("mandateType")) {
+ //attributeList.add(getMandateType(mandateContainer, currentAttribute));
+ MandateType mandateType = getMandateType(mandateContainer, currentAttribute);
+ attributeList.add(marshallComplexAttribute(currentAttribute, mandateType));
+
+ }
+
+ }
+
+ attrResponse.setPersonalAttributeList(attributeList);
+ moaStorkResponse.setSTORKAttrResponse(attrResponse);
+
+ Logger.debug("Attributes " + moaStorkResponse.getStorkAttrQueryResponse().getPersonalAttributeList().size());
+
+ // Prepare extended attributes
+ Logger.debug("Preparing data container");
+
+ // create fresh container
+ DataContainer container = new DataContainer();
+
+ // - fill in the request we extracted above
+ container.setRequest(moaStorkRequest);
+
+ // - fill in the partial response created above
+ container.setResponse(moaStorkResponse);
+
+ container.setRemoteAddress(httpReq.getRemoteAddr());
+
+ Logger.debug("Data container prepared");
+
+ // ask for consent if necessary
+ if (oaParam.isRequireConsentForStorkAttributes())
+ new ConsentEvaluator().requestConsent(container, httpResp, oaParam);
+ else
+ new ConsentEvaluator().generateSTORKResponse(httpResp, container);
+
+
+ //return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);
+ }
+
+
return null; //
}
+ private PersonalAttribute marshallComplexAttribute(PersonalAttribute currentAttribute, Object obj) { // TODO refactor
+
+
+ StringWriter stringWriter = new StringWriter();
+ try {
+ if (obj instanceof MandateContentType) {
+ final Marshaller marshaller = JAXBContext.newInstance(MandateContentType.class).createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
+ marshaller.marshal(new JAXBElement<MandateContentType>(new QName("urn:eu:stork:names:tc:STORK:1.0:assertion", currentAttribute.getName()), MandateContentType.class, null, (MandateContentType)obj), stringWriter);
+ } else if (obj instanceof MandateType) {
+ final Marshaller marshaller = JAXBContext.newInstance(MandateType.class).createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
+ marshaller.marshal(new JAXBElement<MandateType>(new QName("urn:eu:stork:names:tc:STORK:1.0:assertion", currentAttribute.getName()), MandateType.class, null, (MandateType)obj), stringWriter);
+ } else if (obj instanceof RepresentationPersonType) {
+ final Marshaller marshaller = JAXBContext.newInstance(RepresentationPersonType.class).createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
+ marshaller.marshal(new JAXBElement<RepresentationPersonType>(new QName("urn:eu:stork:names:tc:STORK:1.0:assertion", currentAttribute.getName()), RepresentationPersonType.class, null, (RepresentationPersonType)obj), stringWriter);
+ }
+
+ } catch (Exception ex) {
+ Logger.error("Could not marshall atrribute: " + currentAttribute.getName() + ", " + ex.getMessage());
+ return new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), new ArrayList<String>(), "NotAvailable");
+ }
+ ArrayList<String> value = new ArrayList<String>();
+ value.add(stringWriter.toString());
+
+ PersonalAttribute personalAttribute = new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), value, "Available");
+
+ return personalAttribute;
+ }
+
+
+ private void populateMandatingData(AuthenticationSession moasession) {
+ MandateType mandateType = new MandateType();
+ RepresentationPersonType representationPersonType = new RepresentationPersonType();
+ MandateContentType mandateContentType = new MandateContentType();
+ }
+
+
+ private void populateRepresented(AuthenticationSession moasession) {
+
+ MandateContainer mc = null;
+
+ try {
+ mc = new CorporateBodyMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8"));
+ } catch (Exception ex) {
+ Logger.error("CORPORATE ERROR");
+ try {
+ mc = new PhyPersonMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8"));
+ } catch (Exception ex2) {
+ Logger.error("PERSON ERROR");
+ }
+ }
+
+ if (mc instanceof CorporateBodyMandateContainer) {
+ Logger.error("Instance of Corp");
+ } else if (mc instanceof PhyPersonMandateContainer) {
+ Logger.error("Instance of Phy");
+ }
+
+
+ }
+
+
+ private Node extractChildNode(Node node, String childName) throws MOAIDException {
+ if (!node.hasChildNodes()) {
+ throw new MOAIDException("stork.11", null); // TODO description
+ }
+ for (int n = 0; n < node.getChildNodes().getLength(); n++) {
+ if (node.getChildNodes().item(n).getNodeName().equals(childName)) {
+ return node.getChildNodes().item(n);
+ }
+ }
+ throw new MOAIDException("stork.11", null); // TODO description
+
+ }
+
+ private String extractNodeTextContent(Node node, String childName) throws MOAIDException {
+ if (!node.hasChildNodes()) {
+ throw new MOAIDException("stork.11", null); // TODO description
+ }
+ for (int n = 0; n < node.getChildNodes().getLength(); n++) {
+ if (node.getChildNodes().item(n).getNodeName().equals(childName)) {
+ return node.getTextContent();
+ }
+ }
+ throw new MOAIDException("stork.11", null); // TODO description
+ }
+
+ private String mapPowersType(MandateContainer mandateContainer) { // TODO
+ return "";
+ }
+
+ private String mapCompanyType(MandateContainer mandateContainer) { // TODO
+ return "";
+ }
+
+ private MandateType getMandateType(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) throws MOAIDException {
+ MandateType mandateType = new MandateType();
+ RepresentationPersonType representative = getRepresentative(mandateContainer, sourceAttribute);
+ RepresentationPersonType represented = getRepresented(mandateContainer, sourceAttribute);
+ MandateContentType mandateContent = getMandateContent(mandateContainer, sourceAttribute);
+ mandateType.setRepresenting(representative);
+ mandateType.setRepresented(represented);
+ mandateType.setMandateContent(mandateContent);
+ Logger.debug("Complex attribute extracted: " + sourceAttribute.getName());
+ return mandateType;
+ }
+
+
+ private RepresentationPersonType getRepresentative(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) {
+ RepresentationPersonType representative = new RepresentationPersonType();
+
+ if (mandateContainer instanceof CorporateBodyMandateContainer) {
+ Logger.error("Company as representative not supported"); // TODO
+
+ } else if (mandateContainer instanceof PhyPersonMandateContainer) {
+ PhyPersonMandateContainer phyPersonMandateContainer = (PhyPersonMandateContainer)mandateContainer;
+ representative.setEIdentifier(""); // TODO CALCULATE
+ representative.setGivenName(phyPersonMandateContainer.getPhysicalRepresentativeGivenName());
+ representative.setSurname(phyPersonMandateContainer.getPhysicalRepresentativeFamilyName());
+ representative.setDateOfBirth(phyPersonMandateContainer.getPhysicalRepresentativeBirthDate());
+ }
+
+ Logger.debug("Complex attribute extracted: " + sourceAttribute.getName());
+ return representative;
+ }
+
+ private RepresentationPersonType getRepresented(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) {
+ RepresentationPersonType represented = new RepresentationPersonType();
+
+ if (mandateContainer instanceof CorporateBodyMandateContainer) {
+ CorporateBodyMandateContainer corporateBodyMandateContainer = (CorporateBodyMandateContainer)mandateContainer;
+ represented.setELPIdentifier(corporateBodyMandateContainer.getCorpMandatorIdentificationValue());
+ represented.setName(corporateBodyMandateContainer.getCorpMandatorFullName());
+ represented.setAddress("");
+ represented.setCanonicalAddress(new CanonicalAddressType());
+ represented.setType(mapCompanyType(mandateContainer)); // TODO
+ } else if (mandateContainer instanceof PhyPersonMandateContainer) {
+ PhyPersonMandateContainer phyPersonMandateContainer = (PhyPersonMandateContainer)mandateContainer;
+ represented.setEIdentifier(""); // TODO CALCULATE
+ represented.setGivenName(phyPersonMandateContainer.getPhyPersMandatorGivenName());
+ represented.setSurname(phyPersonMandateContainer.getPhyPersMandatorFamilyName());
+ represented.setDateOfBirth(phyPersonMandateContainer.getPhyPersMandatorBirthDate());
+ }
+
+ Logger.debug("Complex attribute extracted: " + sourceAttribute.getName());
+
+ return represented;
+ }
+
+
+ private MandateContentType getMandateContent(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) throws MOAIDException {
+ MandateContentType mandateContent = new MandateContentType();
+ try {
+ XMLGregorianCalendar validFrom = DatatypeFactory.newInstance().newXMLGregorianCalendar(mandateContainer.getMandateValidFrom());
+
+ XMLGregorianCalendar validTo = DatatypeFactory.newInstance().newXMLGregorianCalendar(mandateContainer.getMandateValidTo());
+ mandateContent.setValidFrom(validFrom);
+ mandateContent.setValidTo(validTo);
+ } catch (DatatypeConfigurationException dte) {
+ Logger.error("Error converting data from mandate");
+ throw new MOAIDException("stork.16", new Object[] {}); // TODO
+
+ }
+
+ mandateContent.setTransactionLimit(BigInteger.valueOf(0)); // TODO
+ mandateContent.setTransactionLimitCurrency("");// TODO
+ mandateContent.setIsJoint("");
+ mandateContent.setIschained(false);
+ mandateContent.setTypePower(mapPowersType(mandateContainer));
+ Logger.debug("Complex attribute extracted: " + sourceAttribute.getName());
+ return mandateContent;
+ }
+
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
return true; //
}
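Review bot: `getMandateContent` (L1417-L1438) only catches `DatatypeConfigurationException`, but `DatatypeFactory.newXMLGregorianCalendar(String)` throws `IllegalArgumentException` for a lexically invalid value, so a mandate with a malformed `ValidFrom`/`ValidTo` escapes as an unchecked exception instead of the intended `stork.16` error; add a second `catch (IllegalArgumentException iae)` there that logs and throws the same `MOAIDException`. The two-stage container construction at the top of `processRequest` (L1160-L1169) discards both caught exceptions without logging them and the thrown `MOAIDException` carries no cause, so a rejected mandate cannot be diagnosed from the logs — log at least `ex2.getMessage()` before throwing. The non-`MOASTORKRequest` branch at L1153 returns null after `httpResp.reset()` has already been called, leaving an empty response with no error; throwing a `MOAIDException` there would be consistent with the `oaParam == null` case a few lines above. Separately, `extractNodeTextContent` (L1342-L1352) returns `node.getTextContent()` of the parent rather than of the matched child — it should be `return node.getChildNodes().item(n).getTextContent();` — although it has no caller in this hunk.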
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java
new file mode 100644
index 000000000..c4be57bd3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java
@@ -0,0 +1,113 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+import javanet.staxutils.SimpleNamespaceContext;
+import org.xml.sax.InputSource;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
+import java.io.StringReader;
+import java.util.HashMap;
+
+/**
+ * Physical person representing physical person
+ * @author bsuzic
+ * Date: 4/30/14, Time: 11:29 AM
+ */
+public class PhyPersonMandateContainer extends MandateContainer {
+
+ private String phyPersMandatorIdentificationValue = null;
+ private String phyPersMandatorIdentificationType = null;
+ private String phyPersMandatorGivenName = null;
+ private String phyPersMandatorFamilyName = null;
+ private String phyPersMandatorBirthDate = null;
+
+ String localMethods[] = new String[]{"getPhyPersMandatorGivenName", "getPhyPersMandatorFamilyName", "getPhyPersMandatorBirthDate", "getPhyPersMandatorIdentificationValue",
+ "getPhyPersMandatorIdentificationType", "getMandateIssuePlace", "getMandateIssueDate", "getMandateIssueTime", "getSimpleMandateContent", "getMandateValidFrom",
+ "getMandateValidTo", "getPhysicalRepresentativeIdentificationValue", "getPhysicalRepresentativeIdentificationType", "getAnnotation",
+ "getPhysicalRepresentativeGivenName", "getPhysicalRepresentativeFamilyName", "getPhysicalRepresentativeBirthDate"
+ };
+
+
+ public PhyPersonMandateContainer(String mandate) throws XPathExpressionException, MOAIDException {
+ super(mandate);
+
+ setAnnotation(xPath.evaluate(S2Constants.MANDATE_ANNOTATION_QUERY, new InputSource(new StringReader(mandate))));
+ setPhyPersMandatorIdentificationType(xPath.evaluate(S2Constants.MANDATE_MANDATOR_PHYPERS_IDTYPE_QUERY, new InputSource(new StringReader(mandate))));
+ setPhyPersMandatorIdentificationValue(xPath.evaluate(S2Constants.MANDATE_MANDATOR_PHYPERS_IDVALUE_QUERY, new InputSource(new StringReader(mandate))));
+ setPhyPersMandatorGivenName(xPath.evaluate(S2Constants.MANDATE_MANDATOR_PHYPERS_GIVENNAME_QUERY, new InputSource(new StringReader(mandate))));
+ setPhyPersMandatorFamilyName(xPath.evaluate(S2Constants.MANDATE_MANDATOR_PHYPERS_FAMILYNAME_QUERY, new InputSource(new StringReader(mandate))));
+ setPhyPersMandatorBirthDate(xPath.evaluate(S2Constants.MANDATE_MANDATOR_PHYPERS_DATEOFBIRTH_QUERY, new InputSource(new StringReader(mandate))));
+ setMandateIssueDate(xPath.evaluate(S2Constants.MANDATE_ISSUEDDATE_QUERY, new InputSource(new StringReader(mandate))));
+ setMandateIssuePlace(xPath.evaluate(S2Constants.MANDATE_ISSUEDPLACE_QUERY, new InputSource(new StringReader(mandate))));
+ setMandateIssueTime(xPath.evaluate(S2Constants.MANDATE_ISSUEDTIME_QUERY, new InputSource(new StringReader(mandate))));
+ setMandateValidFrom(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_VALIDFROM_QUERY, new InputSource(new StringReader(mandate))));
+ setMandateValidTo(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_VALIDTO_QUERY, new InputSource(new StringReader(mandate))));
+ setPhysicalRepresentativeBirthDate(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_DATEOFBIRTH_QUERY, new InputSource(new StringReader(mandate))));
+ setPhysicalRepresentativeFamilyName(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_FAMILYNAME_QUERY, new InputSource(new StringReader(mandate))));
+ setPhysicalRepresentativeGivenName(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_GIVENNAME_QUERY, new InputSource(new StringReader(mandate))));
+ setPhysicalRepresentativeIdentificationType(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_IDTYPE_QUERY, new InputSource(new StringReader(mandate))));
+ setPhysicalRepresentativeIdentificationValue(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_IDVALUE_QUERY, new InputSource(new StringReader(mandate))));
+ setSimpleMandateContent(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_TXTDESC_QUERY, new InputSource(new StringReader(mandate))));
+
+ // check if all necessary fields are present
+ Logger.debug("Starting mandate structure validation");
+ try {
+ validateMandateStructure(localMethods); // TODO
+ } catch (Exception e) {
+ if (e instanceof MOAIDException) {
+ Logger.error("Could not validate mandate structure.");
+ throw new MOAIDException("stork.16", new Object[] {e.getMessage()}); // TODO
+ } else {
+ Logger.error("Error during mandate structure validation.");
+ throw new MOAIDException("stork.16", new Object[] {e.getMessage()}); // TODO
+ }
+
+ }
+ }
+
+
+
+ public String getPhyPersMandatorGivenName() {
+ return phyPersMandatorGivenName;
+ }
+
+ public void setPhyPersMandatorGivenName(String phyPersMandatorGivenName) {
+ this.phyPersMandatorGivenName = phyPersMandatorGivenName;
+ }
+
+ public String getPhyPersMandatorFamilyName() {
+ return phyPersMandatorFamilyName;
+ }
+
+ public void setPhyPersMandatorFamilyName(String phyPersMandatorFamilyName) {
+ this.phyPersMandatorFamilyName = phyPersMandatorFamilyName;
+ }
+
+ public String getPhyPersMandatorBirthDate() {
+ return phyPersMandatorBirthDate;
+ }
+
+ public void setPhyPersMandatorBirthDate(String phyPersMandatorBirthDate) {
+ this.phyPersMandatorBirthDate = phyPersMandatorBirthDate;
+ }
+
+ public String getPhyPersMandatorIdentificationValue() {
+ return phyPersMandatorIdentificationValue;
+ }
+
+ public void setPhyPersMandatorIdentificationValue(String phyPersMandatorIdentificationValue) {
+ this.phyPersMandatorIdentificationValue = phyPersMandatorIdentificationValue;
+ }
+
+ public String getPhyPersMandatorIdentificationType() {
+ return phyPersMandatorIdentificationType;
+ }
+
+ public void setPhyPersMandatorIdentificationType(String phyPersMandatorIdentificationType) {
+ this.phyPersMandatorIdentificationType = phyPersMandatorIdentificationType;
+ }
+
+}
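Review bot: Both branches of the `if (e instanceof MOAIDException)` in the constructor's catch block throw the identical `MOAIDException("stork.16", ...)`, so the type test only changes the log text, and the original exception is dropped from both the log and the rethrow. Collapsing it to `} catch (Exception e) { Logger.error("Could not validate mandate structure.", e); throw new MOAIDException("stork.16", new Object[] {e.getMessage()}); }` keeps the stack trace (the two-argument `Logger.error` form is already used elsewhere in this change) and removes the dead branch. Each of the seventeen `xPath.evaluate(..., new InputSource(new StringReader(mandate)))` calls re-parses the whole mandate document; parsing it once and evaluating the queries against the resulting node would be cheaper and, since the mandate XML presumably arrives from an external party, would also put the parser hardening (DTD and external-entity processing disabled) in one visible place — whether the inherited `xPath` already does this cannot be seen from here. `localMethods` is a package-visible mutable array that is never changed, so `private static final String[] LOCAL_METHODS` states the intent; the imports of `SimpleNamespaceContext`, `XPath`, `XPathFactory` and `HashMap` appear unused in this file.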
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/S2Constants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/S2Constants.java
new file mode 100644
index 000000000..e332fbc6a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/S2Constants.java
@@ -0,0 +1,40 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+/**
+ * @author bsuzic
+ * Date: 4/29/14, Time: 5:34 PM
+ */
+public interface S2Constants {
+ public static final String MANDATE_PREFIX = "mandate";
+ public static final String PERSONDATA_PREFIX = "persondata";
+ public static final String XMLDSIG_PREFIX = "xmldsig";
+
+ public static final String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#";
+ public static final String PERSONDATA_NS = "http://reference.e-government.gv.at/namespace/persondata/20020228#";
+ public static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+
+ public static final String MANDATE_ANNOTATION_QUERY = "/mandate:Mandate/mandate:Annotation/text()";
+ public static final String MANDATE_REPRESENTATIVE_PHYPERS_IDVALUE_QUERY = "/mandate:Mandate/mandate:Representative/persondata:PhysicalPerson/persondata:Identification/persondata:Value/text()";
+ public static final String MANDATE_REPRESENTATIVE_PHYPERS_IDTYPE_QUERY = "/mandate:Mandate/mandate:Representative/persondata:PhysicalPerson/persondata:Identification/persondata:Type/text()";
+ public static final String MANDATE_REPRESENTATIVE_PHYPERS_GIVENNAME_QUERY = "/mandate:Mandate/mandate:Representative/persondata:PhysicalPerson/persondata:Name/persondata:GivenName/text()";
+ public static final String MANDATE_REPRESENTATIVE_PHYPERS_FAMILYNAME_QUERY = "/mandate:Mandate/mandate:Representative/persondata:PhysicalPerson/persondata:Name/persondata:FamilyName/text()";
+ public static final String MANDATE_REPRESENTATIVE_PHYPERS_DATEOFBIRTH_QUERY = "/mandate:Mandate/mandate:Representative/persondata:PhysicalPerson/persondata:DateOfBirth/text()";
+ public static final String MANDATE_MANDATOR_CORPBODY_IDVALUE_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:CorporateBody/persondata:Identification/persondata:Value/text()";
+ public static final String MANDATE_MANDATOR_CORPBODY_IDTYPE_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:CorporateBody/persondata:Identification/persondata:Type/text()";
+ public static final String MANDATE_MANDATOR_CORPBODY_FULLNAME_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:CorporateBody/persondata:FullName/text()";
+ public static final String MANDATE_ISSUEDPLACE_QUERY = "/mandate:Mandate/mandate:Issued/mandate:Place/text()";
+ public static final String MANDATE_ISSUEDDATE_QUERY = "/mandate:Mandate/mandate:Issued/mandate:Date/text()";
+ public static final String MANDATE_ISSUEDTIME_QUERY = "/mandate:Mandate/mandate:Issued/mandate:Time/text()";
+ public static final String MANDATE_SIMPLEMANDATECONTENT_TXTDESC_QUERY = "/mandate:Mandate/mandate:SimpleMandateContent/mandate:TextualDescription/text()";
+ public static final String MANDATE_SIMPLEMANDATECONTENT_VALIDFROM_QUERY = "/mandate:Mandate/mandate:SimpleMandateContent/mandate:TimeConstraint/mandate:ValidFrom/text()";
+ public static final String MANDATE_SIMPLEMANDATECONTENT_VALIDTO_QUERY = "/mandate:Mandate/mandate:SimpleMandateContent/mandate:TimeConstraint/mandate:ValidTo/text()";
+
+ public static final String MANDATE_MANDATOR_PHYPERS_IDVALUE_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:PhysicalPerson/persondata:Identification/persondata:Value/text()";
+ public static final String MANDATE_MANDATOR_PHYPERS_IDTYPE_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:PhysicalPerson/persondata:Identification/persondata:Type/text()";
+ public static final String MANDATE_MANDATOR_PHYPERS_GIVENNAME_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:PhysicalPerson/persondata:Name/persondata:GivenName/text()";
+ public static final String MANDATE_MANDATOR_PHYPERS_FAMILYNAME_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:PhysicalPerson/persondata:Name/persondata:FamilyName/text()";
+ public static final String MANDATE_MANDATOR_PHYPERS_DATEOFBIRTH_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:PhysicalPerson/persondata:DateOfBirth/text()";
+
+
+
+}
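Review bot: `S2Constants` is a constant interface — a type that exists only to be implemented for its `public static final` fields — which leaks the constants into the public API of any implementing class; a `public final class S2Constants` with a private constructor is the conventional form, and the `public static final` modifiers are redundant on interface fields either way. The XPath queries also rely on the `mandate:` and `persondata:` prefixes being bound to `MANDATE_NS` and `PERSONDATA_NS` by whoever evaluates them, which this file does not state; a class-level Javadoc such as `/** XPath queries over a mandate document; the mandate/persondata prefixes must be bound to MANDATE_NS/PERSONDATA_NS in the evaluating XPath's NamespaceContext. */` would make that contract explicit.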
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 8c63b8cb1..ed9c45126 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -64,10 +64,46 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
Logger.debug("Initiating action: " + action);
MOASTORKRequest STORK2Request = new MOASTORKRequest();
+ MOASTORKResponse STORK2Response = new MOASTORKResponse();
- if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action))
+
+ if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action))
return STORK2Request;
+
+ if (request.getParameter("SAMLResponse") != null) { // TODO check attribute collector
+ //extract STORK Response from HTTP Request
+ byte[] decSamlToken;
+ try {
+ decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
+ } catch (NullPointerException e) {
+ if (request.getRemoteHost().contains("129.27.142")) {
+ Logger.warn("Availability check by " + request.getRemoteHost() + " on URI: " + request.getRequestURI());
+ } else {
+ Logger.error("Unable to retrieve STORK Request for host: " + request.getRemoteHost() + " and URI: " + request.getRequestURI(), e);
+ }
+ throw new MOAIDException("stork.04", null);
+ }
+
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+
+ STORKAuthnResponse authnResponse = null;
+
+
+ // check if valid authn request is contained
+ try {
+ authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, request.getRemoteAddr());
+ } catch (STORKSAMLEngineException ex) {
+ Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage());
+ }
+
+ STORK2Response.setSTORKAuthnResponseToken(decSamlToken);
+
+ return STORK2Response;
+
+ } else if (request.getParameter("SAMLRequest") != null) {
+
//extract STORK Response from HTTP Request
byte[] decSamlToken;
try {
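Review bot: A `STORKSAMLEngineException` from `engine.validateSTORKAuthnResponse(...)` is only logged, after which `STORK2Response.setSTORKAuthnResponseToken(decSamlToken)` and the `return` run anyway, so a SAML response that failed validation is handed on exactly like a valid one, and the validated `authnResponse` is never used. Unless a later stage is known to re-validate the raw token, the catch should fail the request, e.g. `Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage(), ex); throw new MOAIDException("<stork error code>", null);` with a code that exists in id_messages_de.properties. The `request.getRemoteHost().contains("129.27.142")` check hard-codes one operator network into protocol code and would be better read from configuration. The enclosing method begins before and continues after this hunk.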
@@ -87,6 +123,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
STORKAuthnRequest authnRequest = null;
STORKAttrQueryRequest attrRequest = null;
+
// check if valid authn request is contained
try {
authnRequest = engine.validateSTORKAuthnRequest(decSamlToken);
@@ -113,6 +150,9 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
return STORK2Request;
+ } else {
+ throw new MOAIDException("stork.14", null); // TODO Specify message
+ }
}
public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
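Review bot: The new `else` branch throws `MOAIDException("stork.14", null)`, but none of the id_messages_de.properties hunks in this change add a `stork.14` entry; if the key does not already exist, the error surfaces without message text, and the `// TODO Specify message` should be resolved before merging. The branch is reached by any request carrying neither `SAMLResponse` nor `SAMLRequest`, so the message text should name the missing parameter. The enclosing method starts before this hunk.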
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 72fb8cf27..5b2e7ce3d 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -130,7 +130,7 @@ validator.08=Das Manifest ist ung\u00FCltig
validator.09=Die \u00F6ffentlichen Schl\u00FCssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat \u00FCberein
validator.10=Anzahl der URLs zur Authentisierungskomponente ung\u00FCltig {0}
-validator.11="Gesch�ftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
+validator.11="Gesch\\u00E4ftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
validator.12=Der Namespace des SAML-Attributs "Gesch\\u00E4ftsbereich" ist ung\u00FCltig {0}
validator.13=Das Target des 'Gesch\u00E4ftsbereichs' ist ung\u00FCltig {0}
validator.14="OA" wurde nicht in den SAML-Attributen gefunden {0}
@@ -138,7 +138,6 @@ validator.15=Der Namespace des SAML-Attributs "OA" ist ung\u00FCltig {0}
validator.16=Die vorkonfigurierte URL der OnlineApplikation ist fehlerhaft {0}
validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ung\u00FCltig {0}
-#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als g�ltiger SubjectDN-Name f�r eine Personenbindung konfiguriert. <b>{0}</b> wurde NICHT in der Konfiguration gefunden
validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zul\u00E4ssig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enth?lt das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen".
validator.19=Das verwendete Zertifikat zum Signieren ist ung\u00FCltig.<br>{0}
@@ -244,5 +243,5 @@ oauth20.04=Die Art der Anmeldung wird nicht unterstuetzt
oauth20.05=Der angegebene Benutzer ist nicht berechtigt
oauth20.06=Die angegebene OA kann nicht verwendet werden
oauth20.07=Angeforderter grant_type ist nicht erlaubt
-oauth20.08=Nicht berechtigt f�r Token-Request
+oauth20.08=Nicht berechtigt f\u00FCr Token-Request
oauth20.09=Zertifikat fuer JSON Web-Token ist falsch konfiguriert. Fehler bei "{0}"