aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-eIDAS
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java96
1 files changed, 58 insertions, 38 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 9ae61edd9..57588287d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -24,11 +24,13 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
import java.io.IOException;
import java.io.StringWriter;
-import java.security.Security;
+import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.BooleanUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
@@ -41,16 +43,22 @@ import eu.eidas.auth.commons.IPersonalAttributeList;
import eu.eidas.auth.commons.PersonalAttribute;
import eu.eidas.auth.commons.PersonalAttributeList;
import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.eidas.SPType;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -79,56 +87,68 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
//load pending request
IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+ Logger.info("No PendingRequest with Id: '{}' Maybe, a transaction timeout occure.", new Object[] {pendingRequestID});
throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
}
-
- //load MOASession object and OA-configuration
+
+ //load MOASession object, configuration and OA-configuration
AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
+ AuthConfiguration moaconfig = AuthConfigurationProviderFactory.getInstance();
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+ // get target country
+ String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
+
+ if (StringUtils.isEmpty(citizenCountryCode)) {
+ // illegal state; task should not have been executed without a selected country
+ throw new AuthenticationException("stork.22", new Object[] { moasessionid });
+ }
+
+ CPEPS cpeps = moaconfig.getStorkConfig().getCPEPS(citizenCountryCode);
+ if(null == cpeps) {
+ Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
+ throw new AuthenticationException("Unknown PEPS for citizen country '{}'", new Object[] {citizenCountryCode});
+ }
+ Logger.debug("Found C-PEPS configuration for citizen of country: " + citizenCountryCode);
+ String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
+ String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
+
+ // assemble requested attributes
+ Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes();
+ // - prepare attribute list
IPersonalAttributeList pAttList = new PersonalAttributeList();
-
- //create template requested attribute
- //TODO: load required attributes from OA configuration
- PersonalAttribute attr = new PersonalAttribute();
- attr.setName("eidas/attributes/CurrentFamilyName");
- pAttList.add(attr);
-
- PersonalAttribute attr1 = new PersonalAttribute();
- attr1.setName("eidas/attributes/CurrentGivenName");
- pAttList.add(attr1);
-
- PersonalAttribute attr2 = new PersonalAttribute();
- attr2.setName("eidas/attributes/DateOfBirth");
- pAttList.add(attr2);
-
- PersonalAttribute attr3 = new PersonalAttribute();
- attr3.setName("eidas/attributes/PersonIdentifier");
- pAttList.add(attr3);
-
+
+ // - fill container
+ for (StorkAttribute current : attributesFromConfig) {
+ PersonalAttribute newAttribute = new PersonalAttribute();
+ newAttribute.setName(current.getName());
+
+ boolean globallyMandatory = false;
+ for (StorkAttribute currentGlobalAttribute : moaconfig.getStorkConfig().getStorkAttributes())
+ if (current.getName().equals(currentGlobalAttribute.getName())) {
+ globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
+ break;
+ }
+
+ newAttribute.setIsRequired(current.getMandatory() || globallyMandatory);
+ pAttList.add(newAttribute);
+ }
+
+ EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
//build eIDAS AuthnRequest
EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
- String assertionConsumerURL="https://demo.a-sit.at/EidasNode/ColleagueRequest";
-// authnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
- String providerName = "sp3fr-moa";
- authnRequest.setProviderName(providerName);
-// int qaaLevel = 1;
-// authnRequest.setQaa(qaaLevel); // not needed anymore. furthermore this may make the node think the request at hand is a stork request and we do not want that.
+ authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
authnRequest.setPersonalAttributeList(pAttList);
- String issuer = "http://localhost:12343/moa-id-auth/eidas/metadata";
- authnRequest.setIssuer(issuer);
- authnRequest.setDestination(assertionConsumerURL);
+ authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + "/eidas/metadata");
+ authnRequest.setDestination(destination);
authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue());
authnRequest.setEidasLoACompareType(EidasLoaCompareType.MINIMUM.stringValue());
- authnRequest.setAlias(providerName);
+ authnRequest.setSPType(SPType.DEFAULT_VALUE);
- authnRequest.setSPType("public");
-
engine.initRequestedAttributes(pAttList);
authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
@@ -149,8 +169,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
context.put("RelayState", moasessionid);
- Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL);
- context.put("action", assertionConsumerURL);
+ Logger.debug("Using assertion consumer url as action: " + destination);
+ context.put("action", destination);
Logger.debug("Starting template merge");
StringWriter writer = new StringWriter();