diff options
Diffstat (limited to 'id')
11 files changed, 628 insertions, 253 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 307715324..4ea32c602 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -17,6 +17,7 @@ import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.*; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index a339cff23..d8c1949ff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -1,6 +1,11 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; +import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider; +import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.EHvdAttributeProviderPlugin; +import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.MandateAttributeRequestProvider; +import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.SignedDocAttributeRequestProvider; +import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.StorkAttributeRequestProvider; import at.gv.egovernment.moa.logging.Logger; import java.util.ArrayList; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java index 67fbd50f8..867624ff7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java @@ -1,5 +1,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider; + public class ExternalAttributeRequestRequiredException extends Exception { /** The Constant serialVersionUID. */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java deleted file mode 100644 index 553063ae8..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java +++ /dev/null @@ -1,150 +0,0 @@ -package at.gv.egovernment.moa.id.protocols.stork2; - -import java.io.StringWriter; -import java.io.UnsupportedEncodingException; -import java.util.ArrayList; -import java.util.List; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.codec.binary.Base64; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.util.VelocityProvider; -import at.gv.egovernment.moa.logging.Logger; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; - -/** - * Forwards a signedDoc attribute request to the oasis-dss service instance - */ -public class SignedDocAttributeRequestProvider implements AttributeProvider { - - private PersonalAttribute requestedAttribute; - - /** - * The URL of the service listening for the oasis dss webform post request - */ - private String oasisDssWebFormURL; - - /** The attributes. */ - private String attributes; - - /** - * Instantiates a new signed doc attribute request provider. - * - * @param oasisDssWebFormURL - * the AP location - * @param attributes - */ - public SignedDocAttributeRequestProvider(String oasisDssWebFormURL, String attributes) { - this.oasisDssWebFormURL = oasisDssWebFormURL; - this.attributes = attributes; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java - * .lang.String) - */ - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, - ExternalAttributeRequestRequiredException { - if(!attributes.contains(attribute.getName())) { - throw new UnsupportedAttributeException(); - } - - requestedAttribute = attribute; - - throw new ExternalAttributeRequestRequiredException(this); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax - * .servlet.http.HttpServletRequest) - */ - public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException { - Logger.debug("Beginning to extract OASIS-DSS response out of HTTP Request"); - - try { - String signResponse = new String(Base64.decodeBase64(httpReq.getParameter("signresponse")), "UTF8"); - List<String> values = new ArrayList<String>(); - values.add(signResponse); - - Logger.debug("Assembling signedDoc attribute"); - PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values, - "Available"); - - // pack and return the result - PersonalAttributeList result = new PersonalAttributeList(); - result.add(signedDocAttribute); - return result; - } catch (UnsupportedEncodingException e) { - Logger.error("Failed to assemble signedDoc attribute"); - throw new MOAIDException("stork.05", null); - } - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect - * (java.lang.String) - */ - public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) - throws MOAIDException { - - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm"); - VelocityContext context = new VelocityContext(); - context.put("signrequest", Base64.encodeBase64String(requestedAttribute.getValue().get(0).getBytes("UTF8"))); - context.put("clienturl", url); - context.put("action", oasisDssWebFormURL); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - - resp.getOutputStream().write(writer.toString().getBytes()); - } catch (Exception e) { - Logger.error("Error sending DSS signrequest.", e); - throw new MOAIDException("stork.11", null); - } - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.util.List, java.lang.String, at.gv.egovernment.moa.id.data.IAuthData) - */ - @Override - public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, - String spCountyCode, IAuthData authData) - throws UnsupportedAttributeException, - ExternalAttributeRequestRequiredException, MOAIDException { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#getSupportedAttributeNames() - */ - @Override - public List<String> getSupportedAttributeNames() throws MOAIDException { - // TODO Auto-generated method stub - return null; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java index 7647c8e89..682af2a5e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java @@ -1,23 +1,30 @@ -package at.gv.egovernment.moa.id.protocols.stork2; +package at.gv.egovernment.moa.id.protocols.stork2.attributeproviders; + +import java.util.ArrayList; +import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; - +import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; -import java.util.List; - /** * An {@link AttributeProvider} can fetch a set of stork attributes. It might complete the query within one method call, * but might also need to redirect to another webservice to accomplish its task. */ -public interface AttributeProvider { +public abstract class AttributeProvider { + + protected String attributes; + + public AttributeProvider(String attributes){ + this.attributes = attributes; + } /** * Acquire the specified attribute. Returns {@code null} when attribute retrieval is in progress, but requires for @@ -32,9 +39,16 @@ public interface AttributeProvider { * @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done * @throws MOAIDException the mOAID exception */ - public IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; + protected abstract IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; - public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; + public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + if (attributes.size() == 1) { + return acquire(attributes.get(0), spCountyCode, authData); + } else { + throw new MOAIDException("stork.13", new Object[] { }); // TODO message only one attribute supported by this provider + + } + } /** * Perform redirect. @@ -45,7 +59,7 @@ public interface AttributeProvider { * @param oaParam the oa param * @throws MOAIDException the mOAID exception */ - public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException; + public abstract void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException; /** * Parses the response we got from the external attribute provider. @@ -55,7 +69,7 @@ public interface AttributeProvider { * @throws UnsupportedAttributeException if the provider cannot find anything familiar in the provided httpReq * @throws MOAIDException if something went wrong */ - public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException; + public abstract IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException; /** * Returns the list of supported attributes @@ -63,8 +77,13 @@ public interface AttributeProvider { * @return a list of attributes * @throws MOAIDException if something went wrong */ - public List<String> getSupportedAttributeNames() throws MOAIDException; - + public List<String> getSupportedAttributeNames() throws MOAIDException { + ArrayList<String> supportedAttributeNames = new ArrayList<String>(); + for (String attributeName : this.attributes.split(",")) { + supportedAttributeNames.add(attributeName); + } + return supportedAttributeNames; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java index 2c4793f8f..91cc86ca9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java @@ -1,7 +1,10 @@ -package at.gv.egovernment.moa.id.protocols.stork2; +package at.gv.egovernment.moa.id.protocols.stork2.attributeproviders; import java.io.StringWriter; -import java.util.*; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -15,11 +18,13 @@ import javax.xml.soap.SOAPElement; import javax.xml.soap.SOAPEnvelope; import javax.xml.soap.SOAPMessage; import javax.xml.soap.SOAPPart; + import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -30,14 +35,11 @@ import eu.stork.peps.complex.attributes.ObjectFactory; /** * Fetches the attribute IsHealthcareProfessional from the BAGDAD SOAP service */ -public class EHvdAttributeProviderPlugin implements AttributeProvider { +public class EHvdAttributeProviderPlugin extends AttributeProvider { /** The destination. */ private Object destination; - /** The attributes. */ - private String attributes; - /** * Instantiates a new e hvd attribute provider plugin. * @@ -45,14 +47,15 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { * @param attributes */ public EHvdAttributeProviderPlugin(String url, String supportedAttributes) { + super(supportedAttributes); destination = url; - attributes = supportedAttributes; } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) */ - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) + @Override + protected IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { @@ -202,16 +205,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { } } - @Override - public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { - if (attributes.size() == 1) { - return acquire(attributes.get(0), spCountyCode, authData); - } else { - throw new MOAIDException("stork.13", new Object[] { }); // TODO message only one attribute supported by this provider - - } - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter) */ @@ -230,12 +223,5 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { throw new UnsupportedAttributeException(); } - @Override - public List<String> getSupportedAttributeNames() throws MOAIDException { - ArrayList<String> supportedAttributeNames = new ArrayList<String>(); - for (String attributeName : this.attributes.split(",")) { - supportedAttributeNames.add(attributeName); - } - return supportedAttributeNames; - } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java index edba7b754..49250df6b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java @@ -1,55 +1,57 @@ -package at.gv.egovernment.moa.id.protocols.stork2; +package at.gv.egovernment.moa.id.protocols.stork2.attributeproviders; + +import java.io.StringWriter; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; -import eu.stork.peps.auth.commons.*; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.StringWriter; -import java.util.ArrayList; -import java.util.List; /** * Provides mandate attribute from MIS */ -public class MandateAttributeRequestProvider implements AttributeProvider { +public class MandateAttributeRequestProvider extends AttributeProvider { /** * The destination. */ private String destination; - /** - * The attributes. - */ - private String attributes; - private String spCountryCode; private PersonalAttributeList requestedAttributes; public MandateAttributeRequestProvider(String aPurl, String supportedAttributes) throws MOAIDException { + super(supportedAttributes); destination = aPurl; - attributes = supportedAttributes; + } public String getAttrProviderName() { return "MandateAttributeRequestProvider"; } - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + @Override + protected IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName()); this.spCountryCode = spCountryCode; requestedAttributes = new PersonalAttributeList(1); @@ -153,15 +155,5 @@ public class MandateAttributeRequestProvider implements AttributeProvider { return null; // } - @Override - public List<String> getSupportedAttributeNames() throws MOAIDException { - ArrayList<String> supportedAttributeNames = new ArrayList<String>(); - for (String attributeName : this.attributes.split(",")) { - supportedAttributeNames.add(attributeName); - } - return supportedAttributeNames; - } - - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java new file mode 100644 index 000000000..3256e1812 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java @@ -0,0 +1,492 @@ +package at.gv.egovernment.moa.id.protocols.stork2.attributeproviders; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.StringWriter; +import java.io.UnsupportedEncodingException; +import java.net.URL; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +import javax.activation.DataSource; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.namespace.QName; +import javax.xml.transform.Source; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactoryConfigurationError; +import javax.xml.transform.stream.StreamSource; +import javax.xml.ws.Service; +import javax.xml.ws.soap.SOAPBinding; +import javax.xml.ws.BindingProvider; + +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang.NotImplementedException; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; +import at.gv.egovernment.moa.id.util.VelocityProvider; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.oasisdss.api.ApiUtils; +import eu.stork.oasisdss.api.LightweightSourceResolver; +import eu.stork.oasisdss.api.exceptions.ApiUtilsException; +import eu.stork.oasisdss.api.exceptions.UtilsException; +import eu.stork.oasisdss.profile.Base64Data; +import eu.stork.oasisdss.profile.DocumentType; +import eu.stork.oasisdss.profile.IncludeObject; +import eu.stork.oasisdss.profile.SignRequest; +import eu.stork.oasisdss.profile.SignResponse; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAttrQueryRequest; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import eu.stork.documentservice.DocumentService; +/** + * Forwards a signedDoc attribute request to the oasis-dss service instance + */ +public class SignedDocAttributeRequestProvider extends AttributeProvider { + + private String dtlUrl = null; + private PersonalAttribute requestedAttribute; + + /** + * The URL of the service listening for the oasis dss webform post request + */ + private String oasisDssWebFormURL; + + /** + * Instantiates a new signed doc attribute request provider. + * + * @param oasisDssWebFormURL + * the AP location + * @param attributes + */ + public SignedDocAttributeRequestProvider(String oasisDssWebFormURL, String attributes) { + super(attributes); + this.oasisDssWebFormURL = oasisDssWebFormURL; + //TODO load dtlUrl from config + dtlUrl = "http://mopsos.iaik.tugraz.at:8080/DocumentService/DocumentService"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java + * .lang.String) + */ + @Override + protected IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, + ExternalAttributeRequestRequiredException { + if(!attributes.contains(attribute.getName())) { + throw new UnsupportedAttributeException(); + } + + requestedAttribute = attribute; + + throw new ExternalAttributeRequestRequiredException(this); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax + * .servlet.http.HttpServletRequest) + */ + public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException { + Logger.debug("Beginning to extract OASIS-DSS response out of HTTP Request"); + + try { + String signResponseString = new String(Base64.decodeBase64(httpReq.getParameter("signresponse")), "UTF8"); + //TODO + //FIXME + //test123 + //create SignResponse object + Source response = new StreamSource(new java.io.StringReader(signResponseString)); + SignResponse signResponse = ApiUtils.unmarshal(response, SignResponse.class); + //extract doc from signresponse + DataSource dataSource = LightweightSourceResolver.getDataSource(signResponse); + + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + IOUtils.copy(dataSource.getInputStream(), baos); + byte[] data = baos.toByteArray(); + + //update doc in DTL + String docId, dssId = ""; + docId = signResponse.getDocUI(); + //For reference dssId equals docId + dssId = docId; + if (dssId != null && data!=null) + { + if(updateDocumentInDtl(data, docId, signResponseString)) + { +// SignResponse outRes = new SignResponse(); +// outRes.setDocUI(signResponse.getDocUI()); +// outRes.setProfile(signResponse.getProfile()); +// outRes.setRequestID(signResponse.getRequestID()); +// outRes.setSignatureObject(signResponse.getSignatureObject()); + //outRes; + + signResponse.getResult().setResultMinor(dtlUrl); + System.out.println("overwriting:"+signResponse.getResult().getResultMessage()+" with DTL url:"+dtlUrl); + InputStream istr = ApiUtils.marshalToInputStream(signResponse); + StringWriter writer = new StringWriter(); + IOUtils.copy(istr, writer, "UTF-8"); + signResponseString = writer.toString(); + System.out.println("SignResponse overwritten:"+signResponseString); + } + } + else + throw new Exception("No DSS id found."); + + + //alter signresponse + //done + List<String> values = new ArrayList<String>(); + values.add(signResponseString); + + Logger.debug("Assembling signedDoc attribute"); + PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values, + "Available"); + + // pack and return the result + PersonalAttributeList result = new PersonalAttributeList(); + result.add(signedDocAttribute); + return result; + } catch (UnsupportedEncodingException e) { + Logger.error("Failed to assemble signedDoc attribute"); + throw new MOAIDException("stork.05", null); + } catch (ApiUtilsException e) { + e.printStackTrace(); + Logger.error("Failed to assemble signedDoc attribute"); + throw new MOAIDException("stork.05", null); + } catch (IOException e) { + e.printStackTrace(); + Logger.error("Failed to assemble signedDoc attribute"); + throw new MOAIDException("stork.05", null); + } catch (Exception e) { + e.printStackTrace(); + Logger.error("Failed to assemble signedDoc attribute"); + throw new MOAIDException("stork.05", null); + } + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect + * (java.lang.String) + */ + public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) + throws MOAIDException { + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm"); + VelocityContext context = new VelocityContext(); + + //Parse SignRequest + String signRequestString = requestedAttribute.getValue().get(0); + Source signDoc = new StreamSource(new java.io.StringReader(signRequestString)); + SignRequest signRequest = ApiUtils.unmarshal(signDoc, SignRequest.class); + try{ + //TODO + //FIXME + //search for DTL link + String dtlURL = getDtlUrlFromRequest(signRequest); + String docId = signRequest.getDocUI(); + + String docRequest = getDocTransferRequest(docId, dtlURL);//dtlUrl + + byte[] data = getDocumentFromDtl(docRequest, dtlURL);//dtlUrl + //load doc from DTL + System.out.println("data:"+data); + String mime = getDocumentMimeFromDtl(docId, dtlURL);//dtlUrl + System.out.println("mime:"+mime); + //add doc as base64* to signrequest => post doc to oasis + try{ + List<IncludeObject> includeObjects = ApiUtils.findNamedElement( + signRequest.getOptionalInputs(), "IncludeObject", + IncludeObject.class); + signRequest.getOptionalInputs().getAny().removeAll(includeObjects); + + DocumentType document = new DocumentType(); + Base64Data b64data = new Base64Data(); + b64data.setValue(data); + b64data.setMimeType(mime); + document.setBase64Data(b64data); + signRequest.setInputDocuments(ApiUtils.createInputDocuments(document)); + //override old signRequestString + + InputStream istr = ApiUtils.marshalToInputStream(signRequest); + StringWriter writer = new StringWriter(); + IOUtils.copy(istr, writer, "UTF-8"); + signRequestString = writer.toString(); + System.out.println("Signrequest overwritten"); + } catch (Exception e) { + e.printStackTrace(); + throw new Exception("Could not marshall sign request", e); + } + + + }catch(Exception e) + { + Logger.info("No documentservice used?"); + e.printStackTrace(); + } + + context.put("signrequest", Base64.encodeBase64String(signRequestString.getBytes("UTF8"))); + context.put("clienturl", url); + context.put("action", oasisDssWebFormURL); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e) { + Logger.error("Error sending DSS signrequest.", e); + throw new MOAIDException("stork.11", null); + } + } + + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#getSupportedAttributeNames() + */ + @Override + public List<String> getSupportedAttributeNames() throws MOAIDException { + ArrayList<String> supportedAttributeNames = new ArrayList<String>(); + for (String attributeName : this.attributes.split(",")) { + supportedAttributeNames.add(attributeName); + } + return supportedAttributeNames; + } + + + //From DTLPEPSUTIL + + /** + * Get DTL uril from the oasis sign request + * @param signRequest The signature request + * @return The URL of DTL service + * @throws SimpleException + */ + private String getDtlUrlFromRequest(SignRequest signRequest) throws Exception + { + if (signRequest == null) + throw new Exception("Signature request is empty"); + else + { + try + { + Object objDoc = signRequest.getInputDocuments().getDocumentOrTransformedDataOrDocumentHash().get(0); + if (objDoc instanceof DocumentType) + { + DocumentType document = (DocumentType)objDoc; + if (document.getDocumentURL() != null) + return document.getDocumentURL(); + else + throw new Exception("No document url found"); + } + else + throw new Exception("No input document found"); + } + catch (Exception ex) + { + throw new Exception("Unable to parse xml.", ex); + } + } + } + + /** + * Get document from DTL + * @param transferRequest The transfer request (attribute query) + * @param eDtlUrl The DTL url of external DTL + * @return the document data + * @throws SimpleException + */ + private byte[] getDocumentFromDtl(String transferRequest, String eDtlUrl) throws Exception + { + URL url = null; + try + { + url = new URL(dtlUrl); + QName qname = new QName("http://stork.eu", + "DocumentService"); + + Service service = Service.create(url, qname); + DocumentService docservice = service.getPort(DocumentService.class); + + BindingProvider bp = (BindingProvider) docservice; + SOAPBinding binding = (SOAPBinding) bp.getBinding(); + binding.setMTOMEnabled(true); + + if (eDtlUrl.equalsIgnoreCase(dtlUrl)) + return docservice.getDocument(transferRequest, ""); + else + return docservice.getDocument(transferRequest, eDtlUrl); + } + catch (Exception e) + { + e.printStackTrace(); + throw new Exception("Error in getDocumentFromDtl", e); + } + } + + /** + * Get a document transfer request (attribute query) + * @param docId + * @return + * @throws SimpleException + */ + private String getDocTransferRequest(String docId, String destinationUrl) throws Exception + { + final STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");//getInstance(samlDTLInstance); + STORKAttrQueryRequest req = new STORKAttrQueryRequest(); + req.setAssertionConsumerServiceURL(dtlUrl); + req.setDestination(destinationUrl); + req.setSpCountry("IS");//FIXME + req.setQaa(3);//TODO + PersonalAttributeList pal = new PersonalAttributeList(); + PersonalAttribute attr = new PersonalAttribute(); + attr.setName("docRequest"); + attr.setIsRequired(true); + attr.setValue(Arrays.asList(docId)); + pal.add(attr); + req.setPersonalAttributeList(pal); + + STORKAttrQueryRequest req1; + try { + req1 = engine.generateSTORKAttrQueryRequest(req); + return PEPSUtil.encodeSAMLTokenUrlSafe(req1.getTokenSaml()); + } catch (STORKSAMLEngineException e) { + e.printStackTrace(); + throw new Exception("Error in doc request attribute query generation", e); + } + } + + /** + * Get mime type of document from DTL + * @param docId The document id + * @param dtlUrl The url of dtl + * @return The mime type + */ + private String getDocumentMimeFromDtl(String docId, String eDtlUrl) throws Exception + { + URL url = null; + try + { + url = new URL(dtlUrl); + QName qname = new QName("http://stork.eu", + "DocumentService"); + + Service service = Service.create(url, qname); + DocumentService docservice = service.getPort(DocumentService.class); + + BindingProvider bp = (BindingProvider) docservice; + SOAPBinding binding = (SOAPBinding) bp.getBinding(); + binding.setMTOMEnabled(true); + + if (eDtlUrl.equalsIgnoreCase(dtlUrl)) + return docservice.getDocumentMime(docId, ""); + else + return docservice.getDocumentMime(docId, eDtlUrl); + } + catch (Exception e) + { + e.printStackTrace(); + throw new Exception("Error in getDocumentFromDtl", e); + } + } + + /** + * Add document to DTL service + * @param docData the document data + * @param mime the mime type of data + * @param signRequest the sign request + * @return the document id + * @throws SimpleException + */ + private String addDocumentToDtl(byte[] docData, String mime, String signRequest, String destCountry, String spId) throws Exception + { + throw new NotImplementedException(); +// URL url = null; +// String docID = null; +// try +// { +// url = new URL(dtlUrl); +// QName qname = new QName("http://stork.eu", +// "DocumentService"); +// +// Service service = Service.create(url, qname); +// DocumentService docservice = service.getPort(DocumentService.class); +// +// BindingProvider bp = (BindingProvider) docservice; +// SOAPBinding binding = (SOAPBinding) bp.getBinding(); +// binding.setMTOMEnabled(true); +// +// docID = docservice.addDocument(docData, signRequest, destCountry, spId, mime, ""); +// } +// catch (Exception e) +// { +// e.printStackTrace(); +// throw new Exception("Error in addDocumentToDtl", e); +// } +// +// return docID; + } + + /** + * Update document in DTL + * @param docData The docment data + * @param docId The document ID + * @param signResponse The signature response + * @return True if successful + * @throws SimpleException + */ + private boolean updateDocumentInDtl(byte[] docData, String docId, String signResponse) throws Exception + { + boolean success = false; + URL url = null; + try + { + url = new URL(dtlUrl); + QName qname = new QName("http://stork.eu", + "DocumentService"); + + Service service = Service.create(url, qname); + DocumentService docservice = service.getPort(DocumentService.class); + + BindingProvider bp = (BindingProvider) docservice; + SOAPBinding binding = (SOAPBinding) bp.getBinding(); + binding.setMTOMEnabled(true); + + success = docservice.updateDocument(docId, signResponse, docData); + } + catch (Exception e) + { + e.printStackTrace(); + throw new Exception("Error in addDocumentToDtl", e); + } + + return success; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java index 3a73dafae..4ec77e13d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java @@ -1,7 +1,6 @@ -package at.gv.egovernment.moa.id.protocols.stork2; +package at.gv.egovernment.moa.id.protocols.stork2.attributeproviders; import java.io.StringWriter; -import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -10,15 +9,15 @@ import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; - import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -31,16 +30,13 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException; /** * creates a STORK attribute request for a configurable set of attributes */ -public class StorkAttributeRequestProvider implements AttributeProvider { +public class StorkAttributeRequestProvider extends AttributeProvider { private PersonalAttributeList requestedAttributes; /** The destination. */ private String destination; - /** The attributes. */ - private String attributes; - /** The sp country code. */ private String spCountryCode; @@ -51,14 +47,15 @@ public class StorkAttributeRequestProvider implements AttributeProvider { * @param supportedAttributes the supported attributes as csv */ public StorkAttributeRequestProvider(String apUrl, String supportedAttributes) { - destination = apUrl; - attributes = supportedAttributes; + super(supportedAttributes); + destination = apUrl; } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData) + @Override + protected IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { if (!attributes.contains(attribute.getName())) @@ -161,26 +158,5 @@ public class StorkAttributeRequestProvider implements AttributeProvider { Logger.info("STORK AttrRequest successfully rendered!"); } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.util.List, java.lang.String, at.gv.egovernment.moa.id.data.IAuthData) - */ - @Override - public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, - String spCountyCode, IAuthData authData) - throws UnsupportedAttributeException, - ExternalAttributeRequestRequiredException, MOAIDException { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#getSupportedAttributeNames() - */ - @Override - public List<String> getSupportedAttributeNames() throws MOAIDException { - // TODO Auto-generated method stub - return null; - } - } diff --git a/id/server/moa-id-stork-tmp/src/main/java/StorkConnectorServlet.java b/id/server/moa-id-stork-tmp/src/main/java/StorkConnectorServlet.java new file mode 100644 index 000000000..512e619a6 --- /dev/null +++ b/id/server/moa-id-stork-tmp/src/main/java/StorkConnectorServlet.java @@ -0,0 +1,52 @@ + +import java.io.IOException; +import java.util.List; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.xml.util.XMLHelper; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.auth.stork.STORKException; +import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; +import eu.stork.mw.messages.saml.STORKAuthnRequest; +import eu.stork.mw.messages.saml.STORKResponse; +import eu.stork.vidp.messages.util.XMLUtil; + +/** + * Endpoint for receiving STORK response messages + */ +public class StorkConnectorServlet extends AuthServlet { + private static final long serialVersionUID = 1L; + + public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/STORKConnector"; + + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) + */ + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + + } +} diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java index 39be750cd..d415375e7 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java @@ -455,7 +455,7 @@ public class SignSW implements SAMLEngineSignI { new ExplicitKeyTrustEvaluator(); if (!keyTrustEvaluator.validate(entityX509Cred, trustCred)) { - throw new SAMLEngineException("Certificate is not trusted."); + throw new SAMLEngineException("Certificate is not trusted."); } // Validate signature |