diff options
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java')
-rw-r--r-- | id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java new file mode 100644 index 000000000..3e2122315 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -0,0 +1,137 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.protocols.eidas; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import eu.eidas.auth.commons.EIDASAuthnRequest; +import eu.eidas.auth.commons.EIDASUtil; +import eu.eidas.auth.engine.EIDASSAMLEngine; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import java.util.HashMap; + +/** + * Stork 2 Protocol Support + * + * @author bsuzic + */ +public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo { + + public static final String NAME = EIDASProtocol.class.getName(); + public static final String PATH = "eidas"; + + public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; + + private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + + static { + actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); + } + + public String getName() { + return NAME; + } + + public String getPath() { + return PATH; + } + + public IAction getAction(String action) { + return actions.get(action); + } + + public EIDASProtocol() { + super(); + } + + /* + First request step - send it to BKU selection for user authentication. After the user credentials + and other info are obtained, in the second step the request will be processed and the user redirected + */ + public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action, + String sessionId, String transactionId) throws MOAIDException { + + Logger.info("received an eIDaS request"); + + //get SAML Response and decode it + String base64SamlToken = request.getParameter("SAMLRequest"); + if (MiscUtil.isEmpty(base64SamlToken)) { + Logger.warn("No eIDAS SAMLRequest found in http request."); + throw new MOAIDException("HTTP request includes no eIDAS SAML-Request element.", null); + } + byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken); + + try { + //get eIDAS SAML-engine + EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(); + + //validate SAML token + EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken); + + // memorize important stuff + EIDASRequest result = new EIDASRequest(); + // - memorize requested attributes + // TODO memorize requested attributes + + // - memorize OA url + result.setOAURL("https://demo.a-sit.at/EidasNode"); // TODO use metadata url? + + // - memorize OA config + OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(result.getOAURL()); + if (oaConfig == null) + throw new AuthenticationException("stork.12", new Object[]{result.getOAURL()}); + result.setOnlineApplicationConfiguration(oaConfig); + + return result; + } catch(Exception e) { + Logger.error("error in preprocessing step", e); + throw new MOAIDException("error in preprocessing step", null); + } + } + + public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) { + return null; + } + + public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable { + return false; + } + + public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { + return false; + } +} + + |