aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java12
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java135
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java118
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java)19
4 files changed, 226 insertions, 58 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 0bedf0432..3c33b8d58 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -1,13 +1,17 @@
package at.gv.egovernment.moa.id.protocols.eidas;
-import java.util.List;
+import java.util.Collection;
-import org.opensaml.saml2.core.Attribute;
+import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Component;
-import eu.eidas.auth.commons.EIDASAuthnRequest;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import eu.eidas.auth.commons.EIDASAuthnRequest;
+@Component("EIDASData")
+@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
public class EIDASData extends RequestImpl {
/** The Constant serialVersionUID. */
@@ -23,7 +27,7 @@ public class EIDASData extends RequestImpl {
private String remoteIPAddress;
@Override
- public List<Attribute> getRequestedAttributes() {
+ public Collection<String> getRequestedAttributes() {
// TODO Auto-generated method stub
return null;
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index a94e136b4..4caa6700a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -22,45 +22,40 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.eidas;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.EIDASAuthnRequest;
import eu.eidas.auth.commons.EIDASUtil;
import eu.eidas.auth.engine.EIDASSAMLEngine;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import java.util.HashMap;
-
/**
- * Stork 2 Protocol Support
+ * eIDAS Protocol Support for outbound authentication
*
- * @author bsuzic
+ * @author tlenz
*/
-public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
+public class EIDASProtocol extends AbstractAuthProtocolModulController {
public static final String NAME = EIDASProtocol.class.getName();
public static final String PATH = "eidas";
- public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
-
- private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
-
- static {
- actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
- }
-
public String getName() {
return NAME;
}
@@ -69,20 +64,72 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
return PATH;
}
- public IAction getAction(String action) {
- return actions.get(action);
- }
-
- public EIDASProtocol() {
- super();
- }
-
+ //eIDAS metadata end-point
+ @RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET})
+ public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+
+ //create pendingRequest object
+ EIDASData pendingReq = applicationContext.getBean(EIDASData.class);
+ pendingReq.initialize(req);
+ pendingReq.setModule(NAME);
+ pendingReq.setNeedAuthentication(false);
+ pendingReq.setAuthenticated(false);
+
+ revisionsLogger.logEvent(
+ pendingReq.getUniqueSessionIdentifier(),
+ pendingReq.getUniqueTransactionIdentifier(),
+ MOAIDEventConstants.TRANSACTION_IP,
+ req.getRemoteAddr());
+
+
+ EidasMetaDataRequest metadataAction = applicationContext.getBean(EidasMetaDataRequest.class);
+ metadataAction.processRequest(pendingReq,
+ req, resp, null);
+
+ revisionsLogger.logEvent(
+ pendingReq.getUniqueSessionIdentifier(),
+ pendingReq.getUniqueTransactionIdentifier(),
+ Constants.eIDAS_REVERSIONSLOG_METADATA);
+ }
+
+
+ //PVP2.x IDP POST-Binding end-point
+ @RequestMapping(value = "/eidas/ColleagueRequest", method = {RequestMethod.POST})
+ public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
+
+ //create pending-request object
+ EIDASData pendingReq = applicationContext.getBean(EIDASData.class);
+ pendingReq.initialize(req);
+ pendingReq.setModule(NAME);
+
+ revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+ revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());
+ revisionsLogger.logEvent(
+ pendingReq.getUniqueSessionIdentifier(),
+ pendingReq.getUniqueTransactionIdentifier(),
+ MOAIDEventConstants.TRANSACTION_IP,
+ req.getRemoteAddr());
+
+ //preProcess eIDAS request
+ preProcess(req, resp, pendingReq);
+
+ revisionsLogger.logEvent(pendingReq, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST);
+
+ //AuthnRequest needs authentication
+ pendingReq.setNeedAuthentication(true);
+
+ //set protocol action, which should be executed after authentication
+ pendingReq.setAction(eIDASAuthenticationRequest.class.getName());
+
+ //switch to session authentication
+ performAuthentication(req, resp, pendingReq);
+ }
+
/*
First request step - send it to BKU selection for user authentication. After the user credentials
and other info are obtained, in the second step the request will be processed and the user redirected
*/
- public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action,
- String sessionId, String transactionId) throws MOAIDException {
+ public void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException {
Logger.info("received an eIDaS request");
@@ -101,42 +148,36 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
//validate SAML token
EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
- // memorize important stuff
- EIDASData result = new EIDASData();
-
// - memorize remote ip
- result.setRemoteAddress(request.getRemoteAddr());
+ pendingReq.setRemoteAddress(request.getRemoteAddr());
// - memorize country code of target country
- result.setTarget(samlReq.getCountry());
+ pendingReq.setGenericDataToSession(
+ Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry());
// - memorize requested attributes
- result.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
+ pendingReq.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
// - memorize whole request
- samlReq.setPersonalAttributeList(result.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
- result.setEidasRequest(samlReq);
+ samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
+ pendingReq.setEidasRequest(samlReq);
// - memorize OA url
- result.setOAURL(samlReq.getIssuer());
-
+ pendingReq.setOAURL(samlReq.getIssuer());
+
// - memorize OA config
- OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(result.getOAURL());
+ OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL());
if (oaConfig == null)
- throw new AuthenticationException("stork.12", new Object[]{result.getOAURL()});
- result.setOnlineApplicationConfiguration(oaConfig);
+ throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()});
+ pendingReq.setOnlineApplicationConfiguration(oaConfig);
- return result;
} catch(Exception e) {
Logger.error("error in preprocessing step", e);
throw new MOAIDException("error in preprocessing step", null);
+
}
}
- public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
- return null;
- }
-
public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable {
return false;
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
new file mode 100644
index 000000000..4e34902e2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -0,0 +1,118 @@
+/*******************************************************************************
+ * Copyright 2015 e-SENS project
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be
+ * approved by the European Commission - subsequent versions of
+ * the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at: http://ec.europa.eu/idabc/eupl
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.MetadataConfigParams;
+import eu.eidas.auth.engine.metadata.MetadataGenerator;
+import eu.eidas.engine.exceptions.SAMLEngineException;
+
+
+/**
+ * First version to provide some valid metadata to an asking eIDaS node
+ */
+@Service("EidasMetaDataRequest")
+public class EidasMetaDataRequest implements IAction {
+ private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataRequest.class);
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
+ */
+ @Override
+ public SLOInformationInterface processRequest(IRequest req,
+ HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IAuthData authData) throws MOAIDException {
+
+ try {
+ logger.debug("EidasMetaDataServlet GET");
+
+ String pubURLPrefix = req.getAuthURL();
+
+ String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+
+ String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;
+ String metaData = generateMetadata(metadata_url, sp_return_url);
+
+ logger.trace(metaData);
+
+ httpResp.setContentType(MediaType.TEXT_XML.getType());
+ httpResp.getWriter().print(metaData);
+ httpResp.flushBuffer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return false;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+ */
+ @Override
+ public String getDefaultActionName() {
+ return "eIDAS-Metadata Action";
+
+ }
+
+ public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{
+ String metadata="invalid metadata";
+
+ EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
+ MetadataGenerator generator = new MetadataGenerator();
+ MetadataConfigParams mcp=new MetadataConfigParams();
+ generator.setConfigParams(mcp);
+ generator.initialize(engine);
+ mcp.setEntityID(metadata_url);
+
+ generator.addSPRole();
+ String returnUrl = sp_return_url;
+ mcp.setAssertionConsumerUrl(returnUrl);
+
+ generator.addIDPRole();
+ mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial"); // TODO make configurable
+
+ metadata = generator.generateMetadata();
+ return metadata;
+ }
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 68ff0425a..d75d4b1b9 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -32,8 +32,11 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
+import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
@@ -41,8 +44,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetada
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -61,11 +62,14 @@ import eu.eidas.auth.engine.metadata.MetadataUtil;
* Second request step - after authentication of the user is done and moasession obtained,
* process request and forward the user further to PEPS and/or other entities
*
- * @author bsuzic
+ * @author tlenz
*/
-public class AuthenticationRequest implements IAction {
+@Service("eIDASAuthenticationRequest")
+public class eIDASAuthenticationRequest implements IAction {
+ @Autowired protected MOAReversionLogger revisionsLogger;
+
@Override
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
EIDASData eidasRequest;
@@ -87,7 +91,7 @@ public class AuthenticationRequest implements IAction {
case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break;
case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break;
case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
- eidasRequest.getTarget()); break;
+ eidasRequest.getGenericData(Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, String.class)); break;
}
if("".equals(newValue))
@@ -104,8 +108,7 @@ public class AuthenticationRequest implements IAction {
response.setPersonalAttributeList(resultingAttributeList);
// - create metadata url
- AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
- String pubURLPrefix = config.getPublicURLPrefix();
+ String pubURLPrefix = req.getAuthURL();
String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
response.setIssuer(metadata_url);
@@ -136,6 +139,8 @@ public class AuthenticationRequest implements IAction {
e.printStackTrace();
}
+ revisionsLogger.logEvent(req, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST);
+
// send the response
try {
VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-27 21:22:19 +0000