diff options
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols')
-rw-r--r-- | id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java | 12 | ||||
-rw-r--r-- | id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java | 135 | ||||
-rw-r--r-- | id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java | 118 | ||||
-rw-r--r-- | id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java) | 19 |
4 files changed, 226 insertions, 58 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java index 0bedf0432..3c33b8d58 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java @@ -1,13 +1,17 @@ package at.gv.egovernment.moa.id.protocols.eidas; -import java.util.List; +import java.util.Collection; -import org.opensaml.saml2.core.Attribute; +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Component; -import eu.eidas.auth.commons.EIDASAuthnRequest; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.moduls.RequestImpl; +import eu.eidas.auth.commons.EIDASAuthnRequest; +@Component("EIDASData") +@Scope(value = BeanDefinition.SCOPE_PROTOTYPE) public class EIDASData extends RequestImpl { /** The Constant serialVersionUID. */ @@ -23,7 +27,7 @@ public class EIDASData extends RequestImpl { private String remoteIPAddress; @Override - public List<Attribute> getRequestedAttributes() { + public Collection<String> getRequestedAttributes() { // TODO Auto-generated method stub return null; } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index a94e136b4..4caa6700a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -22,45 +22,40 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.eidas; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EIDASAuthnRequest; import eu.eidas.auth.commons.EIDASUtil; import eu.eidas.auth.engine.EIDASSAMLEngine; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import java.util.HashMap; - /** - * Stork 2 Protocol Support + * eIDAS Protocol Support for outbound authentication * - * @author bsuzic + * @author tlenz */ -public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo { +public class EIDASProtocol extends AbstractAuthProtocolModulController { public static final String NAME = EIDASProtocol.class.getName(); public static final String PATH = "eidas"; - public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; - - private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); - - static { - actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); - } - public String getName() { return NAME; } @@ -69,20 +64,72 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo { return PATH; } - public IAction getAction(String action) { - return actions.get(action); - } - - public EIDASProtocol() { - super(); - } - + //eIDAS metadata end-point + @RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET}) + public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { + + //create pendingRequest object + EIDASData pendingReq = applicationContext.getBean(EIDASData.class); + pendingReq.initialize(req); + pendingReq.setModule(NAME); + pendingReq.setNeedAuthentication(false); + pendingReq.setAuthenticated(false); + + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + MOAIDEventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + + EidasMetaDataRequest metadataAction = applicationContext.getBean(EidasMetaDataRequest.class); + metadataAction.processRequest(pendingReq, + req, resp, null); + + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + Constants.eIDAS_REVERSIONSLOG_METADATA); + } + + + //PVP2.x IDP POST-Binding end-point + @RequestMapping(value = "/eidas/ColleagueRequest", method = {RequestMethod.POST}) + public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { + + //create pending-request object + EIDASData pendingReq = applicationContext.getBean(EIDASData.class); + pendingReq.initialize(req); + pendingReq.setModule(NAME); + + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); + revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + MOAIDEventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + //preProcess eIDAS request + preProcess(req, resp, pendingReq); + + revisionsLogger.logEvent(pendingReq, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST); + + //AuthnRequest needs authentication + pendingReq.setNeedAuthentication(true); + + //set protocol action, which should be executed after authentication + pendingReq.setAction(eIDASAuthenticationRequest.class.getName()); + + //switch to session authentication + performAuthentication(req, resp, pendingReq); + } + /* First request step - send it to BKU selection for user authentication. After the user credentials and other info are obtained, in the second step the request will be processed and the user redirected */ - public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action, - String sessionId, String transactionId) throws MOAIDException { + public void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException { Logger.info("received an eIDaS request"); @@ -101,42 +148,36 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo { //validate SAML token EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken); - // memorize important stuff - EIDASData result = new EIDASData(); - // - memorize remote ip - result.setRemoteAddress(request.getRemoteAddr()); + pendingReq.setRemoteAddress(request.getRemoteAddr()); // - memorize country code of target country - result.setTarget(samlReq.getCountry()); + pendingReq.setGenericDataToSession( + Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry()); // - memorize requested attributes - result.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList())); + pendingReq.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList())); // - memorize whole request - samlReq.setPersonalAttributeList(result.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list - result.setEidasRequest(samlReq); + samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list + pendingReq.setEidasRequest(samlReq); // - memorize OA url - result.setOAURL(samlReq.getIssuer()); - + pendingReq.setOAURL(samlReq.getIssuer()); + // - memorize OA config - OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(result.getOAURL()); + OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL()); if (oaConfig == null) - throw new AuthenticationException("stork.12", new Object[]{result.getOAURL()}); - result.setOnlineApplicationConfiguration(oaConfig); + throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()}); + pendingReq.setOnlineApplicationConfiguration(oaConfig); - return result; } catch(Exception e) { Logger.error("error in preprocessing step", e); throw new MOAIDException("error in preprocessing step", null); + } } - public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) { - return null; - } - public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable { return false; } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java new file mode 100644 index 000000000..4e34902e2 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java @@ -0,0 +1,118 @@ +/******************************************************************************* + * Copyright 2015 e-SENS project + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be + * approved by the European Commission - subsequent versions of + * the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: http://ec.europa.eu/idabc/eupl + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + *******************************************************************************/ +package at.gv.egovernment.moa.id.protocols.eidas; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.slf4j.Logger; +import org.springframework.http.MediaType; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import eu.eidas.auth.engine.EIDASSAMLEngine; +import eu.eidas.auth.engine.metadata.MetadataConfigParams; +import eu.eidas.auth.engine.metadata.MetadataGenerator; +import eu.eidas.engine.exceptions.SAMLEngineException; + + +/** + * First version to provide some valid metadata to an asking eIDaS node + */ +@Service("EidasMetaDataRequest") +public class EidasMetaDataRequest implements IAction { + private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataRequest.class); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData) + */ + @Override + public SLOInformationInterface processRequest(IRequest req, + HttpServletRequest httpReq, HttpServletResponse httpResp, + IAuthData authData) throws MOAIDException { + + try { + logger.debug("EidasMetaDataServlet GET"); + + String pubURLPrefix = req.getAuthURL(); + + String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA; + + String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST; + String metaData = generateMetadata(metadata_url, sp_return_url); + + logger.trace(metaData); + + httpResp.setContentType(MediaType.TEXT_XML.getType()); + httpResp.getWriter().print(metaData); + httpResp.flushBuffer(); + } catch (Exception e) { + e.printStackTrace(); + } + + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return false; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() + */ + @Override + public String getDefaultActionName() { + return "eIDAS-Metadata Action"; + + } + + public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{ + String metadata="invalid metadata"; + + EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(); + + MetadataGenerator generator = new MetadataGenerator(); + MetadataConfigParams mcp=new MetadataConfigParams(); + generator.setConfigParams(mcp); + generator.initialize(engine); + mcp.setEntityID(metadata_url); + + generator.addSPRole(); + String returnUrl = sp_return_url; + mcp.setAssertionConsumerUrl(returnUrl); + + generator.addIDPRole(); + mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial"); // TODO make configurable + + metadata = generator.generateMetadata(); + return metadata; + } +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index 68ff0425a..d75d4b1b9 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -32,8 +32,11 @@ import javax.servlet.http.HttpServletResponse; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; +import org.springframework.stereotype.Service; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; @@ -41,8 +44,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetada import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; @@ -61,11 +62,14 @@ import eu.eidas.auth.engine.metadata.MetadataUtil; * Second request step - after authentication of the user is done and moasession obtained, * process request and forward the user further to PEPS and/or other entities * - * @author bsuzic + * @author tlenz */ -public class AuthenticationRequest implements IAction { +@Service("eIDASAuthenticationRequest") +public class eIDASAuthenticationRequest implements IAction { + @Autowired protected MOAReversionLogger revisionsLogger; + @Override public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { EIDASData eidasRequest; @@ -87,7 +91,7 @@ public class AuthenticationRequest implements IAction { case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break; case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break; case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(), - eidasRequest.getTarget()); break; + eidasRequest.getGenericData(Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, String.class)); break; } if("".equals(newValue)) @@ -104,8 +108,7 @@ public class AuthenticationRequest implements IAction { response.setPersonalAttributeList(resultingAttributeList); // - create metadata url - AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); - String pubURLPrefix = config.getPublicURLPrefix(); + String pubURLPrefix = req.getAuthURL(); String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA; response.setIssuer(metadata_url); @@ -136,6 +139,8 @@ public class AuthenticationRequest implements IAction { e.printStackTrace(); } + revisionsLogger.logEvent(req, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST); + // send the response try { VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); |