Diffstat (limited to 'id')
7 files changed, 110 insertions, 74 deletions
| 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 91326a51d..d33b33c77 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -33,88 +33,96 @@ public class AuthenticationRequest implements IAction {
     private VelocityEngine velocityEngine;
-    private AuthenticationSession moaSession;
-    private MOASTORKRequest moaStorkRequest;
+    private AuthenticationSession moaSession = null;
+    private MOASTORKRequest moaStorkRequest = null;
     public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
         this.moaSession = moasession;
-        this.moaStorkRequest = (MOASTORKRequest) req;
-        if (moasession.getUseMandate()) {
-            try {
-                MISMandate mandate = moasession.getMISMandate();
-                String owbpk = mandate.getOWbPK();
-                byte[] mand = mandate.getMandate();
-                String profprep = mandate.getProfRep();
-                //String textdesc = mandate.getTextualDescriptionOfOID();
-                Element mndt = moasession.getMandate();
-
-                iterate(mndt.getAttributes());
-                Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
-            } catch (Exception x) {
-                Logger.debug("There is no mandate used in transaction");
+        if (req instanceof MOASTORKRequest) {
+
+            this.moaStorkRequest = (MOASTORKRequest) req;
+
+
+            if (moasession.getUseMandate()) {
+                try {
+                    MISMandate mandate = moasession.getMISMandate();
+                    String owbpk = mandate.getOWbPK();
+                    byte[] mand = mandate.getMandate();
+                    String profprep = mandate.getProfRep();
+                    //String textdesc = mandate.getTextualDescriptionOfOID();
+                    Element mndt = moasession.getMandate();
+
+                    iterate(mndt.getAttributes());
+                    Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
+                } catch (Exception x) {
+                    Logger.debug("There is no mandate used in transaction");
+                }
             }
-        }
-        Logger.debug("Starting AuthenticationRequest");
-        httpResp.reset();
+            Logger.debug("Starting AuthenticationRequest");
+            httpResp.reset();
-        STORKAuthnResponse authnResponse = new STORKAuthnResponse();
-        authnResponse.setCountry(((MOASTORKRequest) req).getStorkAuthnRequest().getSpCountry());
+            STORKAuthnResponse authnResponse = new STORKAuthnResponse();
+            authnResponse.setCountry(moaStorkRequest.getStorkAuthnRequest().getSpCountry());
-        OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
-        if (oaParam == null)
-            throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+            OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+            if (oaParam == null)
+                throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
-        // Prepare basic AT attributes
-        try {
-            IPersonalAttributeList moaAttrList = moasession.getStorkAttributes();
-            Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size());
+            // Prepare basic AT attributes
+            try {
+                IPersonalAttributeList moaAttrList = moasession.getStorkAttributes();
+                Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size());
-            for (PersonalAttribute personalAttribute : moaAttrList) {
-                Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus());
-                if (personalAttribute.getValue().size() > 0) {
-                    for (String value : personalAttribute.getValue()) {
-                        Logger.info("     Value found: " + value);
+                for (PersonalAttribute personalAttribute : moaAttrList) {
+                    Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus());
+                    if (personalAttribute.getValue().size() > 0) {
+                        for (String value : personalAttribute.getValue()) {
+                            Logger.info("     Value found: " + value);
+                        }
                     }
                 }
-            }
-        } catch (Exception e) {
-            Logger.error("Exception, attributes: " + e.getMessage());
-        }
+            } catch (Exception e) {
+                Logger.error("Exception, attributes: " + e.getMessage());
+            }
-        // Get personal attributtes from MOA/IdentityLink
-        authnResponse.setPersonalAttributeList(populateAttributes());
+            // Get personal attributtes from MOA/IdentityLink
+            authnResponse.setPersonalAttributeList(populateAttributes());
-        // Prepare extended attributes
-        Logger.debug("Preparing data container");
+            // Prepare extended attributes
+            Logger.debug("Preparing data container");
-        // create fresh container
-        DataContainer container = new DataContainer();
+            // create fresh container
+            DataContainer container = new DataContainer();
-        // - fill in the request we extracted above
-        container.setRequest(((MOASTORKRequest) req).getStorkAuthnRequest());
+            // - fill in the request we extracted above
+            container.setRequest(moaStorkRequest.getStorkAuthnRequest());
-        // - fill in the partial response created above
-        container.setResponse(authnResponse);
+            // - fill in the partial response created above
+            container.setResponse(authnResponse);
-        // - memorize the target url were we have to return the result
-        container.setTarget(((MOASTORKRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
+            // - memorize the target url were we have to return the result
+            container.setTarget(moaStorkRequest.getStorkAuthnRequest().getAssertionConsumerServiceURL());
-        container.setRemoteAddress(httpReq.getRemoteAddr());
+            container.setRemoteAddress(httpReq.getRemoteAddr());
-        Logger.debug("Data container prepared");
+            Logger.debug("Data container prepared");
-        return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);
+            return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);
+        } else {
+            Logger.error("Could not recognize request.");
+            throw new MOAIDException("stork.15", null);
+        }
     }
     public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java
index 669a9389b..9c0869d97 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java
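Review bot: `moaSession` and `moaStorkRequest` are per-request values kept in instance fields (now explicitly initialised to `null` at the top of the hunk), so if this `IAction` is instantiated once and shared — which the field-level `velocityEngine` suggests but the hunk cannot prove — two concurrent requests overwrite each other's state and `authnResponse.setCountry(moaStorkRequest.getStorkAuthnRequest().getSpCountry())` as well as `container.setTarget(...)` can be built from another user's request; keeping the cast in a local, `MOASTORKRequest storkRequest = (MOASTORKRequest) req;`, and using it throughout the method avoids that. The `catch (Exception x)` around the mandate block still maps every failure, not only a missing mandate, to the debug message "There is no mandate used in transaction", and `Logger.debug("mandate encoded: " + ...)` writes the complete Base64 mandate, i.e. personal data, into the log — logging only `mand.length` keeps the diagnostic without the payload. The new `else` branch is a good guard, but `Logger.error("Could not recognize request.")` gives nothing to triage on; `Logger.error("Could not recognize request: " + (req == null ? "null" : req.getClass().getName()));` is enough. `processRequest` lies fully inside the hunk; the class continues beyond it.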
@@ -20,7 +20,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
 	 */
-	@Override
 	public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession)
 			throws UnsupportedAttributeException {
 		PersonalAttributeList requestedAttributes = new PersonalAttributeList(1);
@@ -31,7 +30,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
 	 */
-	@Override
 	public IPersonalAttributeList parse(HttpServletRequest httpReq) {
 		// TODO Auto-generated method stub
 		return null;
@@ -40,7 +38,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
-	@Override
 	public void performRedirect(String url, String citizenCountyCode,
 			HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) {
 		// we should not get here
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java
index 2f6b69075..26fc00406 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java
@@ -20,7 +20,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
 	 */
-	@Override
 	public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession)
 			throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException {
 		throw new ExternalAttributeRequestRequiredException(this);
@@ -29,7 +28,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
 	 */
-	@Override
 	public IPersonalAttributeList parse(HttpServletRequest httpReq) {
 		PersonalAttributeList requestedAttributes = new PersonalAttributeList(1);
 		requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList<String>(), ""));
@@ -39,7 +37,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
-	@Override
 	public void performRedirect(String url, String citizenCountyCode,
 			HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) {
 		// we should not get here
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java
new file mode 100644
index 000000000..7665bb239
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java
@@ -0,0 +1,27 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Implements Attribute Provider for Mandates
+ */
+public class MISAttributeProvider implements AttributeProvider {
+    public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
+        return null;  //
+    }
+
+    public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException {
+        //
+    }
+
+    public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException {
+        return null;  //
+    }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index 8c7fd8706..1776d958c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
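Review bot: `acquire` and `parse` return `null` with only an empty `//` trailing comment, so a caller that iterates the returned `IPersonalAttributeList` fails with a `NullPointerException` instead of the `UnsupportedAttributeException` both signatures already declare, and the class Javadoc "Implements Attribute Provider for Mandates" reads as if the provider were functional. Until the mandate lookup is implemented I would make the placeholder explicit in the Javadoc, `Placeholder: no method is implemented yet; acquire/parse return null and performRedirect does nothing.`, and replace the bare `//` comments with `// TODO: not implemented` so the stubs turn up in a search. If `UnsupportedAttributeException` can be constructed without arguments (its constructors are not visible here), throwing it from `acquire` would be the safer interim behaviour than returning `null`.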
@@ -1,11 +1,13 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.logging.Logger;
 import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
 import eu.stork.peps.auth.commons.STORKAuthnRequest;
 /**
- * Implements MOA request and stores StorkAuthnRequest related data
+ * Implements MOA request and stores StorkAuthn/Attr-Request related data
  *
  * @author bsuzic
  */
@@ -32,7 +34,6 @@ public class MOASTORKRequest implements IRequest {
         if (request != null) {
             isAttrRequest = true;
         }
-
     }
     public boolean isAttrRequest() {
@@ -49,8 +50,14 @@ public class MOASTORKRequest implements IRequest {
     }
     public String getOAURL() {
-
-        return storkAuthnRequest.getAssertionConsumerServiceURL();
+        if (isAuthnRequest)
+            return storkAuthnRequest.getAssertionConsumerServiceURL();
+        else if (isAttrRequest)
+            return storkAttrQueryRequest.getAssertionConsumerServiceURL();
+        else {
+            Logger.error("There is no authentication or attribute request contained in MOASTORKRequest.");
+            return null;
+        }
     }
     public boolean isPassiv() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 3b9a5bc29..e68b66510 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
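Review bot: `getOAURL()` now returns `null` when neither request is set, which pushes the failure into callers that use the value as a configuration key (the `getPublicOAURLPrefix()` lookups in AuthenticationRequest, for instance) where it surfaces as a `NullPointerException` far from the cause; since `STORKProtocol` in this same commit already rejects tokens carrying neither an authn nor an attr request, that branch should be unreachable and is clearer as `throw new IllegalStateException("MOASTORKRequest holds neither an authn nor an attr request");`. The `if`/`else if` arms are unbraced while the `else` is braced — brace all three. The newly added `import at.gv.egovernment.moa.id.auth.exception.MOAIDException;` is not used in any visible hunk; drop it unless code outside the hunks needs it. The returned value is the AssertionConsumerServiceURL taken from the incoming request, so a Javadoc line such as `Returns the AssertionConsumerServiceURL of the contained request; callers rely on STORKProtocol having validated that request first.` would record the trust assumption.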
@@ -6,9 +6,7 @@ import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.*;
 import eu.stork.peps.auth.engine.STORKSAMLEngine;
 import eu.stork.peps.exceptions.STORKSAMLEngineException;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -93,14 +91,15 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         }
         //Get SAMLEngine instance
-        STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming");
+        STORKSAMLEngine authnEngine = STORKSAMLEngine.getInstance("incoming");
+        STORKSAMLEngine attrEngine = STORKSAMLEngine.getInstance("incoming_attr");
         STORKAuthnRequest authnRequest = null;
         STORKAttrQueryRequest attrRequest = null;
         // check if valid authn request is contained
         try {
-            authnRequest = engine.validateSTORKAuthnRequest(decSamlToken);
+            authnRequest = authnEngine.validateSTORKAuthnRequest(decSamlToken);
         } catch (STORKSAMLEngineException ex) {
             Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());
         }
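Review bot: The three explicit imports are replaced by the wildcard `import eu.stork.peps.auth.commons.*;`, which hides which STORK types this class depends on and lets a future addition to that package shadow a name silently; keeping `STORKAttrQueryRequest` and `STORKAuthnRequest` as explicit imports (PEPSUtil is not referenced in the visible hunks) is the usual style. `STORKSAMLEngine.getInstance("incoming_attr")` in the second hunk introduces an engine configuration name that no file in this diff provides; if `getInstance` returns `null` for an unknown name instead of throwing, the later `attrEngine.validateSTORKAttrQueryRequest(...)` fails with a `NullPointerException` that the `STORKSAMLEngineException` catch does not cover, so a null check on `attrEngine` or at least a comment, `// requires an "incoming_attr" engine in the SAMLEngine configuration`, is warranted. The enclosing method begins before this hunk.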
@@ -108,17 +107,16 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         // check if a valid attr request is container
         try {
-            attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken);
+            attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken);
         } catch (STORKSAMLEngineException ex) {
             Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());
         }
-
-        Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL());
-        Logger.error("cc " + authnRequest.getCitizenCountryCode());
-        Logger.error("iss " + authnRequest.getIssuer());
-        Logger.error("spid " + authnRequest.getSPID());
-        Logger.error("spi " + authnRequest.getSpInstitution());
+        // if there is no authn or attr request, raise error
+        if ((authnRequest == null) && (attrRequest == null)) {
+            Logger.error("There is no authentication or attribute request contained.");
+            throw new MOAIDException("stork.14", null);
+        }
         STORK2Request.setSTORKAuthnRequest(authnRequest);
         STORK2Request.setSTORKAttrRequest(attrRequest);
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 4007eacdc..99d5d7612 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -208,6 +208,8 @@ stork.10=Fehler in der Verbindung zum SZR-Gateway
 stork.11=Fehler beim Sammeln von StorkAttributen
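Review bot: The `catch` for the attribute-query validation still logs `"Unable to validate Stork AuthenticationRequest: "`, so a failed attr request is reported as a failed authn request, and both catches reduce the failure to `ex.getMessage()` with the exception itself dropped; `Logger.error("Unable to validate Stork AttrQueryRequest: " + ex.getMessage(), ex);` if the Logger offers such an overload (not visible here), otherwise at least the corrected message. More importantly, a token whose signature fails validation and a token that simply carries no recognised request now end in the same `stork.14` path ("neither authn nor attr request received"), so an invalid signature is logged at error level but reported to the user as an unrecognised request type; remembering whether a `STORKSAMLEngineException` occurred and raising a distinct error for that case keeps the audit trail accurate. The enclosing method begins before this hunk.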
  stork.12=Konnte keine VIDP Konfiguration finden
  stork.13=Fehler beim Sammeln eines Attributes in einem AttributProviderPlugin
 +stork.14=Es wurde weder Authentifizierungs/  noch Attributerequest empfangen
 +stork.15=Unbekannte request.
  pvp2.00={0} ist kein gueltiger consumer service index
  pvp2.01=Fehler beim kodieren der PVP2 Antwort
