path: root/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
Diffstat (limited to 'id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java')
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java249
1 files changed, 0 insertions, 249 deletions
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
deleted file mode 100644
index 2b7d4e045..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ /dev/null
@@ -1,249 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import java.io.StringWriter;
-
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Map.Entry;
-
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * The ConsentEvaluator assists with fetching user consent on the list of attributes to be sent to the asking S-PEPS.
- */
-public class ConsentEvaluator implements IAction {
-
- /**
- * The Constant ARTIFACT_ID.
- */
- private static final String ARTIFACT_ID = "artifactId";
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
- */
- public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
-
- // - fetch the container
- String artifactId = (String) httpReq.getParameter(ARTIFACT_ID);
- DataContainer container;
- try {
- container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
- req = container.getRequest();
- } catch (MOADatabaseException e) {
- Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
- throw new MOAIDException("stork.17", null);
- }
-
- // evaluate response
- for(PersonalAttribute current : container.getRequest().getPersonalAttributeList()) {
- if(null == httpReq.getParameter(current.getName())) {
- current.setStatus(AttributeStatusType.WITHHELD.value());
- current.setValue(new ArrayList<String>());
- current.setComplexValue(new HashMap<String, String>());
- }
- }
-
- //TODO: CHECK: req.getOAURL() should return the unique OA identifier
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(req.getOAURL());
- if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
-
- new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam);
-
- return null; // AssertionId
- }
-
- /**
- * Fills the given HttpResponse with the required web page.
- *
- * @param container the container
- * @param authData
- * @param response the response
- * @param oaParam the oa param
- * @return the string
- * @throws MOAIDException the mOAID exception
- */
- public String requestConsent(DataContainer container, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData, OAAuthParameter oaParam) throws MOAIDException {
- //check if we need to collect consent
- if(!oaParam.isRequireConsentForStorkAttributes()) {
- (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
- return "";
- }
-
- // prepare redirect
- String newArtifactId;
- try {
-
- // memorize the container again
- Logger.debug("prepare putting the container into temporary storage...");
-
- // - generate new key
- newArtifactId = new SecureRandomIdentifierGenerator().generateIdentifier();
-
- // - put container in temporary store.
- AssertionStorage.getInstance().put(newArtifactId, container);
-
- Logger.debug("...successful");
-
- } catch (Exception e1) {
- // TODO should we return the response as is to the PEPS?
- e1.printStackTrace();
- Logger.error("Error putting incomplete Stork response into temporary storage", e1);
- throw new MOAIDException("stork.17", null);
- }
-
- // ask for consent
- try {
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
- Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html");
- VelocityContext context = new VelocityContext();
-
- context.put("action", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().get(0) + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId);
-
- // assemble table
- String table = "";
- for (PersonalAttribute current : container.getRequest().getPersonalAttributeList())
- table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + (current.isRequired() ? "" : " (optional)") + "</td></tr>\n";
-
- context.put("tablecontent", table);
- for(Entry<String, String> current : oaParam.getFormCustomizaten().entrySet())
- context.put(current.getKey().replace("#", ""), current.getValue());
-
- StringWriter writer = new StringWriter();
- template.merge(context, writer);
- httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
-
- } catch (Exception e) {
- Logger.error("Velocity error: " + e.getMessage());
- throw new MOAIDException("stork.17", null);
- }
-
- return "12345"; // AssertionId
- }
-
- /**
- * generates binary response from given response class and fill the given HttpResponse with a SAML Post Binding template.
- *
- * @param httpResp the http resp
- * @param container the container
- * @throws MOAIDException the mOAID exception
- */
- public void generateSTORKResponse(HttpServletResponse httpResp, DataContainer container) throws MOAIDException {
- MOASTORKRequest request = container.getRequest();
- MOASTORKResponse response = container.getResponse();
-
- Logger.info("generating stork response...");
-
- try {
- //Get SAMLEngine instance
- STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
- Logger.debug("Starting generation of SAML response");
- if(response.isAuthnResponse())
- response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false));
- else
- response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false));
-
-
- //generateSAML Token
- Logger.info("SAML response succesfully generated!");
- } catch (STORKSAMLEngineException e) {
- Logger.error("Failed to generate STORK SAML Response", e);
- throw new MOAIDException("stork.05", null);
- }
-
- // preparing redirection for the client
- try {
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
- Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
- VelocityContext context = new VelocityContext();
-
- byte[] blob;
- if(request.isAttrRequest())
- blob = response.getStorkAttrQueryResponse().getTokenSaml();
- else
- blob = response.getStorkAuthnResponse().getTokenSaml();
-
- context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob));
- Logger.debug("SAMLResponse original: " + new String(blob));
-
- Logger.debug("Putting assertion consumer url as action: " + request.getAssertionConsumerServiceURL());
- context.put("action", request.getAssertionConsumerServiceURL());
- Logger.trace("Starting template merge");
- StringWriter writer = new StringWriter();
-
- Logger.trace("Doing template merge");
- template.merge(context, writer);
- Logger.trace("Template merge done");
-
- Logger.trace("Sending html content: " + writer.getBuffer().toString());
- Logger.trace("Sending html content2 : " + new String(writer.getBuffer()));
-
- httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
-
- } catch (Exception e) {
- Logger.error("Velocity error: " + e.getMessage());
- }
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
- */
- public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
- // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action.
- return false;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
- */
- public String getDefaultActionName() {
- return STORKProtocol.CONSENT_EVALUATOR;
- }
-}