diff options
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java')
-rw-r--r-- | id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java | 124 |
1 files changed, 60 insertions, 64 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java index 7cd276043..9d9d44b34 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java @@ -11,23 +11,26 @@ import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; -import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eid4u.api.attributes.Definitions; -import at.gv.egiz.eid4u.api.attributes.natural.IdType; -import at.gv.egiz.eid4u.api.attributes.natural.MaritalState; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SimpleEidasAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthAction; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol; +import at.gv.egovernment.moa.id.util.CookieUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder; -import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; @Component("CollectAddtionalAttributesTask") public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { @@ -40,6 +43,8 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp) throws TaskExecutionException { try{ + context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, false); + if (pendingReq instanceof EIDASData) { EIDASData eidasReq = (EIDASData) pendingReq; Logger.debug("Find eIDAS Auth. Req. Check if eID4U attributes are requested ..."); @@ -59,12 +64,26 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { ImmutableAttributeMap reqEid4uAttrList = reqEid4uAttrListBuilder.build(); if (reqEid4uAttrList != null && reqEid4uAttrList.size() > 0) { Logger.info("Starting eID4U attribute collection process ... "); - - //generate scope from attributes - - + + //mark execution context with eID4U AP flag + context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, true); + //load connection parameters to TUG - String uniqueID = null; + String uniqueID = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_ENTITYID); + String redirectURI = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_URL); + String scopes = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_SCOPES); + + if (MiscUtil.isEmpty(scopes)) { + //generate scope from attributes + //TODO extract 'scopes' from requested attributes + Logger.warn("Dynamic 'scope' generation is currently NOT supported"); + + } + + Logger.debug("Load eID4U AP-Config:" + + " EntityID: " + uniqueID + + " RedirectURL:" + redirectURI + + " Scopes: " + scopes); /* @@ -72,10 +91,13 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { */ //generate fake OpenID_Connect request - OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest(); + OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest(); + fakeOpenIDReq.initialize(httpReq, authConfig); + fakeOpenIDReq.setSPEntityId(uniqueID); + fakeOpenIDReq.setModule(OAuth20Protocol.NAME); fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID)); fakeOpenIDReq.setScope("openId profile"); - + //populate with SessionData fakeOpenIDReq.setRawDataToTransaction( pendingReq.getSessionData(AuthenticationSessionWrapper.class) @@ -92,14 +114,33 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { Map<String, Object> idToken = openIDAuthAction.generateIDToken(o, fakeOpenIDReq, authData, accessToken); o.setAuthDataSession(idToken); transactionStorage.put(accessToken, o, -1); - - + //forward to TUG - - - //TODO: implement collection process - populateEid4uDummyAttributes(); + httpResp.setStatus(HttpServletResponse.SC_FOUND); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_OPENID_CODE, accessToken); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_SCOPE, scopes); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE, + pendingReq.getPendingRequestId()); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_REDIRECT_URI, + pendingReq.getAuthURL() + eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN); + + final String finalUrl = redirectURI; + httpResp.addHeader("Location", finalUrl); + Logger.debug("REDIRECT TO: " + finalUrl.toString()); + //set session cookie, because eID4U AP from TUG maybe not support pendingReqIds on request level + CookieUtils.setCookie(httpReq, httpResp, + eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME, + pendingReq.getPendingRequestId(), -1); + + //set user's bPK into pendingRequst because TUG AttributeProvider needs it + pendingReq.setRawDataToTransaction( + eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, + new BPKAttributeBuilder().build( + fakeOpenIDReq.getServiceProviderConfiguration(), + authData, + new SimpleEidasAttributeGenerator())); + requestStoreage.storePendingRequest(pendingReq); } else Logger.debug("No eID4U attributes found. Skip eID4U attribute collection"); @@ -108,54 +149,9 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { Logger.debug("No eIDAS Request found. Skip eID4U attribute collection"); } catch (Exception e) { - Logger.error("IdentityLink generation for foreign person FAILED.", e); - throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); - - } - - } - - private void populateEid4uDummyAttributes() { - try { - eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress.Builder dummyAddr = PostalAddress.builder(); - dummyAddr.postCode("8020"); - dummyAddr.postName("Graz"); - dummyAddr.addressId("25"); - dummyAddr.cvAddressArea("Mustergasse"); - dummyAddr.locatorDesignator("25"); - dummyAddr.thoroughfare("Mustergasse"); - - AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); - session.setGenericDataToSession(Definitions.IDTYPE_NAME, IdType.PASSPORT); - session.setGenericDataToSession(Definitions.IDNUMBER_NAME, "P0571414"); - session.setGenericDataToSession(Definitions.IDISSUER_NAME, "Magistrat Nirgendwo"); - session.setGenericDataToSession(Definitions.IDEXPIREDATE_NAME, "2020-01-01"); - session.setGenericDataToSession(Definitions.EHICID_NAME, "80010000012345678990"); - session.setGenericDataToSession(Definitions.NATIONALITY_NAME, "AT"); - session.setGenericDataToSession(Definitions.CITIZENSHIP_FRIENDLYNAME, "AT"); - session.setGenericDataToSession(Definitions.MARITALSTATE_NAME, MaritalState.SINGLE); - session.setGenericDataToSession(Definitions.COUNTRYOFBIRTH_NAME, "AT"); - session.setGenericDataToSession(Definitions.EMAIL_NAME, "max.mustermann@domain.at"); - session.setGenericDataToSession(Definitions.PHONE_NAME, "+43666111222444"); - session.setGenericDataToSession(Definitions.TEMPORARYADDRESS_NAME, dummyAddr.build()); - session.setGenericDataToSession(Definitions.TAXIDENTIFICATIONNUMBER_NAME, "AT/1213454654718"); - session.setGenericDataToSession(Definitions.HOMEINSTITUTIONNAME_NAME, "Graz Technical University"); - session.setGenericDataToSession(Definitions.HOMEINSTITUTIONIDENTIFIER_NAME, "A GRAZ02"); - session.setGenericDataToSession(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, "AT"); - session.setGenericDataToSession(Definitions.HOMEINSTITUTIONADDRESS_NAME, dummyAddr.build()); - session.setGenericDataToSession(Definitions.CURRENTLEVELOFSTUDY_NAME, "7"); - session.setGenericDataToSession(Definitions.FIELDOFSTUDY_NAME, "52"); - session.setGenericDataToSession(Definitions.CURRENTDEGREE_NAME, "MsC"); - session.setGenericDataToSession(Definitions.DEGREE_NAME, "6"); - session.setGenericDataToSession(Definitions.DEGREEAWARDINGINSTITUTION_NAME, "Graz Technical University"); - session.setGenericDataToSession(Definitions.GRADUATIONYEAR_NAME, "2016"); - session.setGenericDataToSession(Definitions.DEGREECOUNTRY_NAME, "AT"); - - //TODO: not all attributes are populated with dummy values + Logger.error("eID4U AttributeProvider communication FAILED.", e); + throw new TaskExecutionException(pendingReq, "eID4U AttributeProvider communication FAILED", e); - } catch (EAAFStorageException e) { - // TODO Auto-generated catch block - e.printStackTrace(); } } |