Diffstat (limited to 'id')
19 files changed, 1329 insertions, 77 deletions
| diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 2871c24e4..7733be5d0 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -234,7 +234,7 @@ webpages.oaconfig.menu.vidp.hidden=Hide VIDP configuration  webpages.oaconfig.menu.stork=STORK configuration -webpages.oaconfig.protocols.header=Authentication logs +webpages.oaconfig.protocols.header=Authentication protocols  webpages.oaconfig.general.BKUSelection.button.show=Show configuration of login window  webpages.oaconfig.general.BKUSelection.button.hidden=Hide configuration of login window diff --git a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml index 166a48ff8..eca38ec8c 100644 --- a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml +++ b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml @@ -61,7 +61,7 @@                          <!-- Specific signature module -->                          <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />                          <!-- Settings specific module --> -                        <parameter name="fileConfiguration" value="SignModule_incoming.xml" /> +                        <parameter name="fileConfiguration" value="SignModule_VIDP.xml" />                  </configuration>          </instance> diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml index 83e69ac23..5aff0d1fa 100644 --- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml +++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml 
@@ -90,5 +90,6 @@  	<entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>  	<entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>  	<entry key="represented">http://www.stork.gov.eu/1.0/represented</entry> +        <entry key="mandateType">http://www.stork.gov.eu/1.0/mandateType</entry>  </properties> diff --git a/id/server/doc/stork/VIDP Installation Manual_STORK2_v0.1.docx b/id/server/doc/stork/VIDP Installation Manual_STORK2_v0.1.docxBinary files differ new file mode 100644 index 000000000..8cc7e2c0b --- /dev/null +++ b/id/server/doc/stork/VIDP Installation Manual_STORK2_v0.1.docx diff --git a/id/server/doc/stork/VIDP Installation Manual_STORK2_v0.1.pdf b/id/server/doc/stork/VIDP Installation Manual_STORK2_v0.1.pdfBinary files differ new file mode 100644 index 000000000..f213698a7 --- /dev/null +++ b/id/server/doc/stork/VIDP Installation Manual_STORK2_v0.1.pdf diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a35bee2f8..e83718949 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -1705,11 +1705,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {          String destination = cpeps.getPepsURL().toExternalForm();          Logger.debug("C-PEPS URL: " + destination); -        String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; +        +        String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); +        String acsURL = new DataURLBuilder().buildDataURL(issuerValue,  +    			PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID());          Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL);          String providerName = oaParam.getFriendlyName(); -        String issuerValue = HTTPUtils.getBaseURL(req);          Logger.debug("Issuer value: " + issuerValue);          // prepare collection of required attributes @@ -1782,6 +1784,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {          Logger.debug("STORK AuthnRequest succesfully assembled.");          STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing"); +         +        if (samlEngine == null) { +            Logger.error("Could not initalize STORK SAML engine."); +            throw new MOAIDException("stork.00", null); +        	 +        } +                  try {              authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest);          } catch (STORKSAMLEngineException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 2b5879901..b9f01ca9f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java 
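Review bot: The new `acsURL` handed to the C-PEPS as AssertionConsumerServiceURL is built by `DataURLBuilder().buildDataURL(issuerValue, PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID())`, which presumably embeds the MOA session id in the URL; that id then leaves the instance inside the signed AuthnRequest and will appear in the foreign PEPS's logs and in the browser's Referer on the return leg. If the session id acts as a bearer secret for this flow, a short-lived opaque artifact bound to the session belongs in the URL instead, or the dependence should at least be documented at that line, e.g. `// NOTE: the MOA session id travels to the C-PEPS in the ACS URL — confirm it cannot be used to resume the session on its own`. Deriving `issuerValue` from the configured `getPublicURLPrefix()` rather than `HTTPUtils.getBaseURL(req)` is an improvement, since the old value followed the request's Host header. The enclosing method starts and ends outside the hunk.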
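Review bot: The message in the new null guard has a typo, `Logger.error("Could not initalize STORK SAML engine.")` should read `"Could not initialize STORK SAML engine."`, and the guard is followed by two whitespace-only added lines that should be dropped. The same `STORKSAMLEngine.getInstance(...)` call is made without a null check in the new AttributeCollector and AuthenticationRequest code of this commit; a small helper that returns the engine or throws `MOAIDException("stork.00", null)` would keep the behaviour consistent across the three call sites. The enclosing method continues outside the hunk.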
@@ -16,9 +16,10 @@ import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.storage.AssertionStorage;  import at.gv.egovernment.moa.logging.Logger; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.*; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +  import org.opensaml.common.impl.SecureRandomIdentifierGenerator;  import javax.servlet.http.HttpServletRequest; 
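Review bot: The three explicit imports are replaced by the wildcard `import eu.stork.peps.auth.commons.*;`, which hides which STORK types this class depends on and can silently shadow same-named classes from other packages; keep the explicit list and add only what the new code uses, e.g. `import eu.stork.peps.auth.commons.PEPSUtil;` and `import eu.stork.peps.auth.commons.STORKAuthnResponse;` (the latter is imported that way in the MOASTORKRequest hunk of this commit). The stray empty `+` line after the new imports should go as well.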
@@ -54,6 +55,52 @@ public class AttributeCollector implements IAction {  			throw new MOAIDException("stork.11", null);  		} + +        //   TODO extract attribute response and check if it corresponds to the container + +        if (httpReq.getParameter("SAMLResponse") != null) { +            Logger.info("Got SAML response from external attribute provider."); + +            MOASTORKResponse STORK2Response = new MOASTORKResponse(); + +            //extract STORK Response from HTTP Request +            byte[] decSamlToken; +            try { +                decSamlToken = PEPSUtil.decodeSAMLToken(httpReq.getParameter("SAMLResponse")); +            } catch (NullPointerException e) { +                if (httpReq.getRemoteHost().contains("129.27.142")) { +                    Logger.warn("Availability check by " + httpReq.getRemoteHost() + " on URI: " + httpReq.getRequestURI()); +                } else { +                    Logger.error("Unable to retrieve STORK Request for host: " + httpReq.getRemoteHost() + " and URI: " + httpReq.getRequestURI(), e); +                } +                throw new MOAIDException("stork.04", null); +            } + +            //Get SAMLEngine instance +            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + +            STORKAuthnResponse authnResponse = null; + + +            // check if valid authn request is contained +            try { +                authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, httpReq.getRemoteAddr()); +            } catch (STORKSAMLEngineException ex) { +                Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage()); +            } + +            STORK2Response.setSTORKAuthnResponseToken(decSamlToken); + +            if (authnResponse.getPersonalAttributeList().size() > 0) { +                Logger.info("Response from external attribute provider contains " + authnResponse.getPersonalAttributeList().size() + " attributes."); +           
     addOrUpdateAll(container.getResponse().getPersonalAttributeList(), authnResponse.getPersonalAttributeList()); +            } + +        } + +        // end addition + +          // read configuration parameters of OA          OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL());          if (oaParam == null) @@ -79,7 +126,8 @@ public class AttributeCollector implements IAction {          }          // - insert the embedded attribute(s) into the container -        addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes); +        if (null != newAttributes) +            addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes);          // see if we need some more attributes          SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, authData, oaParam); @@ -161,6 +209,7 @@ public class AttributeCollector implements IAction {              	new ConsentEvaluator().generateSTORKResponse(response, container);              return null; // AssertionId +                            // TODO          } catch (ExternalAttributeRequestRequiredException e) {              // the attribute request is ongoing and requires an external service. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 3ac71be3b..0312f776b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java 
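Review bot: In the new SAMLResponse branch a response that fails validation is still applied to the container: a `STORKSAMLEngineException` from `engine.validateSTORKAuthnResponse(...)` is only logged, `authnResponse` stays null, and the following `authnResponse.getPersonalAttributeList()` throws a NullPointerException instead of a controlled error, while `engine` itself is never null-checked although this very commit adds such a guard after `STORKSAMLEngine.getInstance("outgoing")` in AuthenticationServer. The catch must rethrow, as below, so that nothing from an unvalidated token reaches `container.getResponse()`. The TODO at the top of the hunk is also still open: nothing compares the response's `getInResponseTo()` with the request that was sent to the attribute provider before `addOrUpdateAll(...)` merges its attributes, so a validly signed response from that provider could be posted into an unrelated session; the correlation check belongs before the merge. The `httpReq.getRemoteHost().contains("129.27.142")` test in the NullPointerException handler hard-codes a deployment-specific address into logging logic and should come from configuration. The enclosing method starts and ends outside the hunk.
```java
            //Get SAMLEngine instance
            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
            if (engine == null) {
                Logger.error("Could not initialize STORK SAML engine.");
                throw new MOAIDException("stork.00", null);
            }

            // a response that does not validate must never reach the container
            STORKAuthnResponse authnResponse;
            try {
                authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, httpReq.getRemoteAddr());
            } catch (STORKSAMLEngineException ex) {
                Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage(), ex);
                throw new MOAIDException("stork.04", null);
            }
            // … unchanged: setSTORKAuthnResponseToken(decSamlToken) and the attribute merge …
```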
@@ -3,26 +3,35 @@ package at.gv.egovernment.moa.id.protocols.stork2;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationImpl;  import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.util.VelocityProvider;  import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;  import at.gv.egovernment.moa.logging.Logger;  import eu.stork.peps.auth.commons.*;  import eu.stork.peps.auth.engine.STORKSAMLEngine;  import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext;  import org.apache.velocity.app.VelocityEngine;  import org.apache.velocity.runtime.RuntimeConstants; -import org.joda.time.DateTime;  import org.w3c.dom.Element;  import org.w3c.dom.NamedNodeMap;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.io.StringWriter; +import java.net.MalformedURLException; +import java.net.URL;  /** 
@@ -44,24 +53,24 @@ public class AuthenticationRequest implements IAction {          this.authData = authData; -        if (req instanceof MOASTORKRequest) { +        if ((req instanceof MOASTORKRequest) && ((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("AT")) {              this.moaStorkRequest = (MOASTORKRequest) req;              Logger.debug("Entering MOASTORKRequest");              httpResp.reset(); -             +              //TODO: CHECK: req.getOAURL() should return the unique OA identifier              OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());              if (oaParam == null)                  throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});              MOASTORKResponse moaStorkResponse = new MOASTORKResponse(); -             +              // check if it is attribute query              if (moaStorkRequest.isAttrRequest()) {                  Logger.debug("Starting AttrQueryRequest"); -                 +                  moaStorkResponse.setSTORKAttrResponse(new STORKAttrQueryResponse());              }              // check if we have authentication request 
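Review bot: The new condition `((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("AT")` dereferences `getStorkAuthnRequest()` unconditionally, but the branch it guards still handles attribute queries (`moaStorkRequest.isAttrRequest()`), for which a MOASTORKRequest carries no authn request (the `null != storkAuthnRequest` check in the MOASTORKRequest hunk of this commit shows the field can be null), so such requests now fail with a NullPointerException; `needAuthentication` later in this file null-checks the same getter, so the two disagree. Guard both dereferences and put the literal first: `STORKAuthnRequest authn = (req instanceof MOASTORKRequest) ? ((MOASTORKRequest) req).getStorkAuthnRequest() : null;` followed by `if (authn != null && "AT".equals(authn.getCitizenCountryCode())) {` — and decide explicitly which branch attribute-only requests take, since the `else if (req instanceof MOASTORKRequest)` fallthrough in the later hunk also assumes an authn request is present. The enclosing method starts before this hunk.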
@@ -69,22 +78,20 @@ public class AuthenticationRequest implements IAction {                  Logger.debug("Starting AuthenticationRequest");                  moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse()); +                //STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); -                STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); - -                Logger.debug("Starting generation of SAML response"); -                try { -                    moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(),httpReq.getRemoteAddr(), false)); -                } catch (STORKSAMLEngineException ex) { -                    // TODO -                } +               // Logger.debug("Starting generation of SAML response"); +               // try { +               //     moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(), httpReq.getRemoteAddr(), false)); +               // } catch (STORKSAMLEngineException ex) { +               //     Logger.error("Failed to generate STORK SAML Response", ex); +               //     throw new MOAIDException("stork.05", null);                  // TODO +               // }                  // Get personal attributtes from MOA/IdentityLink                  moaStorkResponse.setPersonalAttributeList(populateAttributes(oaParam)); - -              } -             +              //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());              // Prepare extended attributes 
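Review bot: The SAML response generation is kept as commented-out code (from `// Logger.debug("Starting generation of SAML response");` through `// }`) with a dangling `// TODO` in the middle; since the generation appears to have moved to `generatePEPSRedirect` in this commit, the block should be deleted rather than preserved in comments, leaving a one-line pointer such as `// the STORK response is generated later in generatePEPSRedirect()`. The commented-out `//STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");` line above it is unused for the same reason. The surrounding method starts and ends outside the hunk.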
@@ -101,31 +108,285 @@ public class AuthenticationRequest implements IAction {              container.setRemoteAddress(httpReq.getRemoteAddr()); +            Logger.debug("Data container prepared"); -            STORKAuthnResponse arep = moaStorkResponse.getStorkAuthnResponse(); +            return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam); +        } +        // check if we are getting request for citizen of some other country +        else if (req instanceof MOASTORKRequest) { +            return handleMOAStorkRequest("VIDP", (MOASTORKRequest) req, httpReq.getRemoteAddr(), httpResp); +        } +        // Check if we got the response from PEPS +        // If so then process it and forward to SP +        else if ((req instanceof MOASTORKResponse)) { +            return handleMOAStorkResponse("VIDP", (MOASTORKResponse) req, httpReq.getRemoteAddr(), httpResp); +        } else { +            Logger.error("Could not recognize request."); +            throw new MOAIDException("stork.15", null); +        } +    } -            arep.setCountry("XX"); -            arep.setInResponseTo("xxxx"); -            arep.setMessage("xxxx"); -            arep.setSamlId("xxxx"); -            arep.setStatusCode("xxxx"); +    /* +    Handles STORKAuthnRequeste received for citizens of other countries +     */ +    private SLOInformationInterface handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException { -           // arep.setNotBefore(new DateTime().withTimeAtStartOfDay()); -           // arep.setNotOnOrAfter(new DateTime().withTimeAtStartOfDay()); +        STORKAuthnRequest spAuthnRequest = moastorkRequest.getStorkAuthnRequest(); +        STORKAuthnRequest storkAuthnRequest = null; +        String citizenCountryCode = spAuthnRequest.getCitizenCountryCode(); +        Logger.info("Got authentication request for citizen of " + citizenCountryCode); -  
          Logger.debug("Data container prepared"); +        try { +            storkAuthnRequest = (STORKAuthnRequest) spAuthnRequest.clone(); +        } catch (CloneNotSupportedException e) { +            Logger.error("Could not clone AuthnRequest ", e); +            throw new MOAIDException("stork.05", null); // TODO +        }              //TODO: in case of Single LogOut -> SLO information has to be stored -            return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam); -        } else { -            Logger.error("Could not recognize request."); -            throw new MOAIDException("stork.15", null); +        // check if citizen country is configured in the system +        if (!(AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode))) { +            Logger.error("Citizen country PEPS not configured in MOA instance: " + citizenCountryCode); +            throw new MOAIDException("stork.05", null); // TODO +        } + +        // extracting basic settings and adjusting assertion consumer +        String issuer = null; +        String assertionConsumerURL = null; +        String publicURLPrefix = null; +        String destinationURL = null; + +        try { +            issuer = new URL(AuthConfigurationProvider.getInstance().getPublicURLPrefix()).toString(); +            destinationURL = AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString(); +            publicURLPrefix = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); +            assertionConsumerURL = publicURLPrefix + "/stork2/SendPEPSAuthnRequest"; +        } catch (MalformedURLException ex) { +            Logger.error("Wrong PublicURLPrefix setting of MOA instance: " + AuthConfigurationProvider.getInstance().getPublicURLPrefix(), ex); +            throw new MOAIDException("stork.05", null); // TODO +        } catch (Exception ex) { +            
Logger.error("Problem with PEPS configuration of MOA instance.", ex); +            throw new MOAIDException("stork.05", null); // TODO +        } + + +        // drop if we do not have publicprefix url configured on the instance +        if (publicURLPrefix == null) +            throw new AuthenticationException("stork.12", new String[]{"PublicURLPrefix"}); + +        // adjusting request +        storkAuthnRequest.setEIDCrossBorderShare(spAuthnRequest.isEIDCrossBorderShare()); +        storkAuthnRequest.setEIDSectorShare(spAuthnRequest.isEIDSectorShare()); +        storkAuthnRequest.setEIDCrossSectorShare(spAuthnRequest.isEIDCrossSectorShare()); +        storkAuthnRequest.setCitizenCountryCode(spAuthnRequest.getCitizenCountryCode()); +        storkAuthnRequest.setIssuer(issuer); +        storkAuthnRequest.setAssertionConsumerServiceURL(assertionConsumerURL); +        storkAuthnRequest.setDestination(destinationURL); + +        // regenerate request +        try { +            //Get SAMLEngine instance +            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); +            Logger.debug("Starting generation of SAML request"); +            storkAuthnRequest = engine.generateSTORKAuthnRequest(storkAuthnRequest); + +            //generateSAML Token +            Logger.info("SAML response succesfully generated!"); +        } catch (STORKSAMLEngineException e) { +            Logger.error("Failed to generate STORK SAML Response", e); +            throw new MOAIDException("stork.05", null); +        } + +        // store original request from SP in order to be able to extract it in later iteration/response +        DataContainer spRequestContainer = new DataContainer(); +        spRequestContainer.setRequest(moastorkRequest); + +        try { +            AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), spRequestContainer); +            Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request with 
id " + spAuthnRequest.getSamlId()); +        } catch (MOADatabaseException e) { +            e.printStackTrace(); +        } + +        // preparing redirection for the client         +        performRedirection("SAMLRequest", destinationURL, storkAuthnRequest.getTokenSaml(), httpResp); +                +        SLOInformationImpl sloInfo = new SLOInformationImpl(); +        sloInfo.setProtocolType(moastorkRequest.requestedModule()); +        return sloInfo; +    } + +    /* +    Handles STORKAuthnResponse received from PEPS (return to SP) +     */ +    private SLOInformationInterface handleMOAStorkResponse(String instanceName, MOASTORKResponse moastorkResponse, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException { + +        STORKAuthnResponse authnResponse = null; + +        //Get SAMLEngine instance +        STORKSAMLEngine engine = STORKSAMLEngine.getInstance(instanceName); + +        try { +            authnResponse = engine.validateSTORKAuthnResponse(moastorkResponse.getSTORKAuthnResponseToken(), remoteAddr); +        } catch (STORKSAMLEngineException ex) { +            Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage()); +            throw new MOAIDException("stork.15", null); // TODO +        } + +        Logger.debug("Requesting artifactId " + authnResponse.getInResponseTo() + " from store."); + +        DataContainer dataContainer = null; +        try { +            dataContainer = AssertionStorage.getInstance().get(authnResponse.getInResponseTo(), DataContainer.class); +        } catch (MOADatabaseException e) { +            Logger.error("Unable to retrieve datacontainer with reference authentication request. 
Database exception."); +            throw new MOAIDException("stork.15", null); // TODO +        } + +        // setting new reference request and return url +        authnResponse.setInResponseTo(dataContainer.getRequest().getStorkAuthnRequest().getSamlId()); +        authnResponse.setAudienceRestriction(dataContainer.getRequest().getAssertionConsumerServiceURL()); +        //AudienceRestrictionBuilder audienceRestrictionBuilder = new AudienceRestrictionBuilder(); +        //AudienceRestriction audienceRestriction = audienceRestrictionBuilder.buildObject(dataContainer.getRequest().getAssertionConsumerServiceURL(), "localname", "nameprefix"); + +        //authnResponse.getAssertions().get(0).getConditions().getAudienceRestrictions().add(audienceRestriction); + +        Logger.debug("Starting generation of SAML response"); +        try { +            authnResponse = engine.generateSTORKAuthnResponse(dataContainer.getRequest().getStorkAuthnRequest(), authnResponse, remoteAddr, false); +        } catch (STORKSAMLEngineException e) { +            Logger.error("Failed to generate STORK SAML Response", e); +            throw new MOAIDException("stork.05", null);        // TODO check +        } + +        Logger.info("SAML response succesfully generated."); + +        // preparing redirection for the client +        performRedirection("SAMLResponse", dataContainer.getRequest().getAssertionConsumerServiceURL(), authnResponse.getTokenSaml(), httpResp); +                 +        return null; +    } + +    /* +    Perform redirection of the client based on post binding +     */ +    private void performRedirection(String actionType, String assertionConsumerURL, byte[] tokenSaml, HttpServletResponse httpResp) throws MOAIDException { +        Logger.info("Performing redirection, using action type: " + actionType); + +        try { +            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); +            Template template = 
velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); +            VelocityContext context = new VelocityContext(); + +            context.put(actionType, PEPSUtil.encodeSAMLToken(tokenSaml)); +            Logger.debug("Encoded " + actionType + " original: " + new String(tokenSaml)); + +            Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL); +            context.put("action", assertionConsumerURL); + +            Logger.debug("Starting template merge"); +            StringWriter writer = new StringWriter(); + +            Logger.debug("Doing template merge"); +            template.merge(context, writer); +            Logger.debug("Template merge done"); + +            Logger.debug("Sending html content: " + writer.getBuffer().toString()); +            Logger.debug("Sending html content2  : " + new String(writer.getBuffer())); + +            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); + +        } catch (IOException e) { +            Logger.error("Velocity IO error: " + e.getMessage()); +            throw new MOAIDException("stork.15", null); // TODO +        } catch (Exception e) { +            Logger.error("Velocity general error: " + e.getMessage()); +            throw new MOAIDException("stork.15", null); // TODO +        } + +    } + +    public void generatePEPSRedirect(HttpServletResponse httpResp, DataContainer container) throws MOAIDException { +        MOASTORKRequest request = container.getRequest(); +        MOASTORKResponse response = container.getResponse(); + +        Logger.info("generating stork response..."); + +        try { +            //Get SAMLEngine instance +            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); +            Logger.debug("Starting generation of SAML response"); +            if (response.isAuthnResponse()) +                
response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false)); +            else +                response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false)); + + +            //generateSAML Token +            Logger.info("SAML response succesfully generated!"); +        } catch (STORKSAMLEngineException e) { +            Logger.error("Failed to generate STORK SAML Response", e); +            throw new MOAIDException("stork.05", null); +        } + +        // preparing redirection for the client +        try { +            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); +            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); +            VelocityContext context = new VelocityContext(); + +            byte[] blob; +            if (request.isAttrRequest()) +                blob = response.getStorkAttrQueryResponse().getTokenSaml(); +            else +                blob = response.getStorkAuthnResponse().getTokenSaml(); + +            context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob)); +            Logger.debug("SAMLResponse original: " + new String(blob)); + +            Logger.debug("Putting assertion consumer url as action: " + request.getAssertionConsumerServiceURL()); +            context.put("action", request.getAssertionConsumerServiceURL()); +            Logger.debug("Starting template merge"); +            StringWriter writer = new StringWriter(); + +            Logger.debug("Doing template merge"); +            template.merge(context, writer); +            Logger.debug("Template merge done"); + +            Logger.debug("Sending html content: " + writer.getBuffer().toString()); +            Logger.debug("Sending html content2  : 
" + new String(writer.getBuffer())); + +            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); + +        } catch (Exception e) { +            Logger.error("Velocity error: " + e.getMessage());          }      } +      public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + +        // authentication is not needed if we have authentication request from SP for citizen of configured PEPS country +        if (req instanceof MOASTORKRequest) { +            MOASTORKRequest moastorkRequest = (MOASTORKRequest) req; +            if (moastorkRequest.getStorkAuthnRequest() != null) { +                String citizenCountryCode = moastorkRequest.getStorkAuthnRequest().getCitizenCountryCode(); +                // check if citizen country is configured in the system +                try { +                    if (AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode)) { +                        return false; +                    } +                } catch (MOAIDException e) { +                    Logger.error("Could not initialize AuthConfigurationProvider"); +                } +            } +            // authentication is not required if received authentication response +        } else if (req instanceof MOASTORKResponse) { +            return false; +        } +          return true;      } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java new file mode 100644 index 000000000..4bea124cb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java 
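Review bot: In `handleMOAStorkRequest` a failed `AssertionStorage.getInstance().put(...)` is swallowed with `e.printStackTrace()` and the browser is still redirected to the PEPS, although `handleMOAStorkResponse` can only correlate the returning response through that stored container, so the SP request is silently lost; the catch should log with the cause and throw, as below. On the response side nothing removes the container from `AssertionStorage` after `get(authnResponse.getInResponseTo(), DataContainer.class)`, so unless the storage evicts entries itself the same PEPS response can be presented again and yield a second SP response — the entry should be consumed on first use, and a null result from `get` (its contract is not visible here) handled before `dataContainer.getRequest()` is dereferenced. `performRedirection` and `generatePEPSRedirect` log the full SAML token (`Logger.debug("Encoded " + actionType + " original: " + new String(tokenSaml))`) and the complete HTML at debug level, write `getBytes()` with the platform charset and set no content type, and the trailing `catch (Exception e)` in `generatePEPSRedirect` only logs, leaving the client with an empty success response. The `instanceName` parameter of `handleMOAStorkRequest` is unused because the engine there is fetched with the literal `"VIDP"`.
```java
        try {
            AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), spRequestContainer);
            Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request with id " + spAuthnRequest.getSamlId());
        } catch (MOADatabaseException e) {
            // without the stored container the PEPS response can never be matched to this SP request; do not redirect
            Logger.error("Could not store SP authentication request with id " + spAuthnRequest.getSamlId(), e);
            throw new MOAIDException("stork.05", null);
        }
        // … unchanged: performRedirection(...) and SLOInformationImpl construction …
```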
@@ -0,0 +1,99 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.logging.Logger; +import javanet.staxutils.SimpleNamespaceContext; +import org.xml.sax.InputSource; + +import javax.xml.xpath.XPath; +import javax.xml.xpath.XPathExpressionException; +import javax.xml.xpath.XPathFactory; +import java.io.StringReader; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.util.HashMap; + +/** + * Physical person representing corporate body + * + * @author bsuzic + *         Date: 4/29/14, Time: 3:40 PM + */ +public class CorporateBodyMandateContainer extends MandateContainer { + +    protected String corpMandatorIdentificationValue = null; +    protected String corpMandatorIdentificationType = null; +    protected String corpMandatorFullName = null; + + +    String localMethods[] = new String[]{"getCorpMandatorIdentificationValue", "getCorpMandatorIdentificationType", "getCorpMandatorFullName", +            "getMandateIssuePlace", "getMandateIssueDate", "getMandateIssueTime", "getSimpleMandateContent", "getMandateValidFrom", +            "getMandateValidTo", "getPhysicalRepresentativeIdentificationValue", "getPhysicalRepresentativeIdentificationType", "getAnnotation", +            "getPhysicalRepresentativeGivenName", "getPhysicalRepresentativeFamilyName", "getPhysicalRepresentativeBirthDate" +    }; + +    public CorporateBodyMandateContainer(String mandate) throws XPathExpressionException, MOAIDException { +        super(mandate); +        Logger.debug("Initializing corporate body mandate container."); + +        setAnnotation(xPath.evaluate(S2Constants.MANDATE_ANNOTATION_QUERY, new InputSource(new StringReader(mandate)))); +        setCorpMandatorFullName(xPath.evaluate(S2Constants.MANDATE_MANDATOR_CORPBODY_FULLNAME_QUERY, new InputSource(new StringReader(mandate)))); +        
setCorpMandatorIdentificationType(xPath.evaluate(S2Constants.MANDATE_MANDATOR_CORPBODY_IDTYPE_QUERY, new InputSource(new StringReader(mandate)))); +        setCorpMandatorIdentificationValue(xPath.evaluate(S2Constants.MANDATE_MANDATOR_CORPBODY_IDVALUE_QUERY, new InputSource(new StringReader(mandate)))); +        setMandateIssueDate(xPath.evaluate(S2Constants.MANDATE_ISSUEDDATE_QUERY, new InputSource(new StringReader(mandate)))); +        setMandateIssuePlace(xPath.evaluate(S2Constants.MANDATE_ISSUEDPLACE_QUERY, new InputSource(new StringReader(mandate)))); +        setMandateIssueTime(xPath.evaluate(S2Constants.MANDATE_ISSUEDTIME_QUERY, new InputSource(new StringReader(mandate)))); +        setMandateValidFrom(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_VALIDFROM_QUERY, new InputSource(new StringReader(mandate)))); +        setMandateValidTo(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_VALIDTO_QUERY, new InputSource(new StringReader(mandate)))); +        setPhysicalRepresentativeBirthDate(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_DATEOFBIRTH_QUERY, new InputSource(new StringReader(mandate)))); +        setPhysicalRepresentativeFamilyName(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_FAMILYNAME_QUERY, new InputSource(new StringReader(mandate)))); +        setPhysicalRepresentativeGivenName(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_GIVENNAME_QUERY, new InputSource(new StringReader(mandate)))); +        setPhysicalRepresentativeIdentificationType(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_IDTYPE_QUERY, new InputSource(new StringReader(mandate)))); +        setPhysicalRepresentativeIdentificationValue(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_IDVALUE_QUERY, new InputSource(new StringReader(mandate)))); +        setSimpleMandateContent(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_TXTDESC_QUERY, new InputSource(new StringReader(mandate)))); + +        // check if 
all necessary fields are present +        Logger.debug("Starting mandate structure validation"); +        try { +            validateMandateStructure(localMethods); // TODO +        } catch (Exception e) { + +            if (e instanceof MOAIDException)  { +            Logger.error("Could not validate mandate structure."); +                throw new MOAIDException("stork.16", new Object[] {e.getMessage()}); // TODO +            } else { +                Logger.error("Error during mandate structure validation."); +                throw new MOAIDException("stork.16", new Object[] {e.getMessage()}); // TODO +            } + +        } + +    } + +    public String getCorpMandatorIdentificationValue() { +        return corpMandatorIdentificationValue; +    } + +    public void setCorpMandatorIdentificationValue(String corpMandatorIdentificationValue) { +        this.corpMandatorIdentificationValue = corpMandatorIdentificationValue; +    } + +    public String getCorpMandatorIdentificationType() { +        return corpMandatorIdentificationType; +    } + +    public void setCorpMandatorIdentificationType(String corpMandatorIdentificationType) { +        this.corpMandatorIdentificationType = corpMandatorIdentificationType; +    } + +    public String getCorpMandatorFullName() { +        return corpMandatorFullName; +    } + +    public void setCorpMandatorFullName(String corpMandatorFullName) { +        this.corpMandatorFullName = corpMandatorFullName; +    } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index 9508919b0..d7927a917 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java 
@@ -10,6 +10,7 @@ import at.gv.egovernment.moa.logging.Logger;  import eu.stork.peps.auth.commons.IPersonalAttributeList;  import eu.stork.peps.auth.commons.STORKAttrQueryRequest;  import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse;  /**   * Implements MOA request and stores StorkAuthn/Attr-Request related data. @@ -30,6 +31,7 @@ public class MOASTORKRequest extends RequestImpl {      /** The stork attr query request. */      private STORKAttrQueryRequest storkAttrQueryRequest; +      /**       * Sets the sTORK authn request.       * @@ -66,7 +68,6 @@ public class MOASTORKRequest extends RequestImpl {          return null != storkAuthnRequest;      } -      /**       * Gets the stork authn request.       * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java index 4e0f57779..2cd0e1d57 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java 
@@ -1,28 +1,128 @@  package at.gv.egovernment.moa.id.protocols.stork2; -import java.io.Serializable; - +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.logging.Logger;  import eu.stork.peps.auth.commons.IPersonalAttributeList;  import eu.stork.peps.auth.commons.PersonalAttributeList;  import eu.stork.peps.auth.commons.STORKAttrQueryResponse;  import eu.stork.peps.auth.commons.STORKAuthnResponse; +import java.io.Serializable; +import java.util.List; + +import org.opensaml.saml2.core.Attribute; +  /**   * Implements MOA request and stores StorkAuthn/Attr-Request related data.   *   * @author bsuzic   */ -public class MOASTORKResponse implements Serializable { -	 -	/** The Constant serialVersionUID. */ -	private static final long serialVersionUID = -5798803155055518747L; -	 -	/** The stork authn request. */ -	private STORKAuthnResponse storkAuthnResponse; -     -    /** The stork attr query request. */ +public class MOASTORKResponse extends RequestImpl { + +    /** +     * The Constant serialVersionUID. +     */ +    private static final long serialVersionUID = -5798803155055518747L; + +    /** +     * The stork authn request. +     */ +    private STORKAuthnResponse storkAuthnResponse; + +    /** +     * The stork attr query request. +     */      private STORKAttrQueryResponse storkAttrQueryResponse; -     + +    /** +     * The action. +     */ +    String action = null; + +    /** +     * The token +     */ +    private byte[] storkAuthnResponseToken = null; + +    /** +     * The request id. +     */ +    private String requestID; + + +    /** +     * The module. +     */ +    String module = null; + +    /** +     * The target. 
+     */ +    private String target = null; + + +    /* (non-Javadoc) +   * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule() +   */ +    public String requestedModule() { +        return this.module; +    } + +    /* (non-Javadoc) +     * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction() +     */ +    public String requestedAction() { +        return action; +    } + + +    /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestID() + */ +    public String getRequestID() { +        return this.requestID; +    } + + +    /* (non-Javadoc) +     * @see at.gv.egovernment.moa.id.moduls.IRequest#getTarget() +     */ +    public String getTarget() { +        return this.target; +    } + +    /* (non-Javadoc) +     * @see at.gv.egovernment.moa.id.moduls.IRequest#isSSOSupported() +     */ +    public boolean isSSOSupported() { +        return false; +    } + + +    /* (non-Javadoc) +     * @see at.gv.egovernment.moa.id.moduls.IRequest#forceAuth() +     */ +    public boolean forceAuth() { +        return false; +    } + + +    /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setModule(java.lang.String) + */ +    public void setModule(String module) { +        this.module = module; +    } + + +    /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setRequestID(java.lang.String) + */ +    public void setRequestID(String id) { +        this.requestID = id; +    } +      /**       * Sets the sTORK authn response.       * 
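Review bot: `MOASTORKResponse` keeps `serialVersionUID = -5798803155055518747L` while its supertype changes from `Serializable` to `RequestImpl` and five fields (`action`, `storkAuthnResponseToken`, `requestID`, `module`, `target`) are added, so a session object serialized under the old class version would still deserialize into this one with those fields left null instead of failing with an `InvalidClassException`; if stale serialized responses should not be silently accepted, assign a fresh UID. `isSSOSupported()`, `forceAuth()` and the other `IRequest` overrides carry only `(non-Javadoc)` markers, so a reader cannot tell a deliberate decision from a stub — a comment such as `// STORK attribute responses never take part in SSO and never force re-authentication` on the two boolean methods would settle that. The `java.io.Serializable` import appears to be unused once `implements Serializable` is gone.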
@@ -33,6 +133,23 @@ public class MOASTORKResponse implements Serializable {      }      /** +     * Sets the sTORK authn response token +     * +     * @param request the new sTORK authn response token +     */ +    public void setSTORKAuthnResponseToken(byte[] token) { +        this.storkAuthnResponseToken = token; +    } + +    /** +     * Gets the sTORK authn response token . +     * +     * @param request the new sTORK authn response +     */ +    public byte[] getSTORKAuthnResponseToken() { +        return this.storkAuthnResponseToken; +    } +    /**       * Sets the sTORK attr response.       *       * @param request the new sTORK attr response @@ -77,17 +194,17 @@ public class MOASTORKResponse implements Serializable {      public STORKAttrQueryResponse getStorkAttrQueryResponse() {          return this.storkAttrQueryResponse;      } -     +      /**       * Gets the personal attribute list.       *       * @return the personal attribute list       */      public IPersonalAttributeList getPersonalAttributeList() { -    	if(isAttrResponse()) -    		return this.storkAttrQueryResponse.getPersonalAttributeList(); -    	else -    		return this.storkAuthnResponse.getPersonalAttributeList(); +        if (isAttrResponse()) +            return this.storkAttrQueryResponse.getPersonalAttributeList(); +        else +            return this.storkAuthnResponse.getPersonalAttributeList();      }      /** 
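Review bot: `setSTORKAuthnResponseToken` stores the caller's `byte[]` by reference and `getSTORKAuthnResponseToken` returns that same array, so anyone holding either reference can alter the stored SAML response token after it has been placed in the response object; for a token that is presumably signed, verified or forwarded later, copy on both sides: `this.storkAuthnResponseToken = (token == null) ? null : token.clone();` and `return (storkAuthnResponseToken == null) ? null : storkAuthnResponseToken.clone();`. The Javadoc on both methods is copy-pasted: the setter documents `@param request` for a parameter named `token`, and the getter has a `@param` where `@return the stored response token, or null if none was set` belongs.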
@@ -96,22 +213,62 @@ public class MOASTORKResponse implements Serializable {       * @param populateAttributes the new personal attribute list       */      public void setPersonalAttributeList(PersonalAttributeList populateAttributes) { -    	if(isAttrResponse()) -    		this.storkAttrQueryResponse.setPersonalAttributeList(populateAttributes); -    	else -    		this.storkAuthnResponse.setPersonalAttributeList(populateAttributes); -    } -     -	/** -	 * Sets the country. -	 * -	 * @param spCountry the new country +        if (isAttrResponse()) +            this.storkAttrQueryResponse.setPersonalAttributeList(populateAttributes); +        else +            this.storkAuthnResponse.setPersonalAttributeList(populateAttributes); +    } + +    /** +     * Sets the country. +     * +     * @param spCountry the new country +     */ +    public void setCountry(String spCountry) { +        if (isAttrResponse()) +            this.storkAttrQueryResponse.setCountry(spCountry); +        else +            this.storkAuthnResponse.setCountry(spCountry); +    } + + +    /* (non-Javadoc) +    * @see at.gv.egovernment.moa.id.moduls.IRequest#getOAURL() +    */ +    public String getOAURL() { +        if (isAuthnResponse()) +            return storkAuthnResponse.getAudienceRestriction(); +        else if (isAttrResponse()) +            return storkAttrQueryResponse.getAudienceRestriction(); +        else { +            Logger.error("There is no authentication or attribute request contained in MOASTORKRequest."); +            return null; +        } +    } + +    /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#isPassiv() + */ +    public boolean isPassiv() { +        return false; +    } + + +    /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setAction(java.lang.String) + */ +    public void setAction(String action) { +        this.action = action; +    } + +	/* (non-Javadoc) +	 * @see 
at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()  	 */ -	public void setCountry(String spCountry) { -    	if(isAttrResponse()) -    		this.storkAttrQueryResponse.setCountry(spCountry); -    	else -    		this.storkAuthnResponse.setCountry(spCountry); +	@Override +	public List<Attribute> getRequestedAttributes() { +		// TODO Auto-generated method stub +		return null;  	} +  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java index eda712467..8616b0430 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java @@ -59,6 +59,9 @@ public class MandateAttributeRequestProvider implements AttributeProvider {          }          PersonalAttributeList result = new PersonalAttributeList();          //return result; + + +          Logger.info("Thrown external request by: " + getAttrProviderName());          throw new ExternalAttributeRequestRequiredException(this);      } @@ -69,7 +72,7 @@ public class MandateAttributeRequestProvider implements AttributeProvider {          String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();          String spApplication = spInstitution; -        //generate AuthnRquest +        //generate AttrQueryRequest          STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest();          attributeRequest.setDestination(destination);          attributeRequest.setAssertionConsumerServiceURL(url); 
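Review bot: `getRequestedAttributes()` returns `null` under a TODO, and since the `@Override` shows `RequestImpl` declares it, any code that iterates the result for a generic `IRequest` will hit a `NullPointerException` on a STORK response; return an empty list, `return java.util.Collections.<Attribute>emptyList();`, and keep the TODO if a real list is still to come. `getOAURL()` logs `"There is no authentication or attribute request contained in MOASTORKRequest."` from `MOASTORKResponse`, which points whoever reads the log at the wrong class; the message should name `MOASTORKResponse` and say response. Whether the `getAudienceRestriction()` of a received response is the right value to resolve the online-application configuration against cannot be judged from this hunk, so a one-line comment on `getOAURL` stating that assumption would help the next maintainer.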
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java
new file mode 100644
index 000000000..542776f52
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java
@@ -0,0 +1,157 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+import javanet.staxutils.SimpleNamespaceContext;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.HashMap;
+
+/**
+ * @author bsuzic
+ *         Date: 5/5/14, Time: 2:35 PM
+ */
+public abstract class MandateContainer {
+    protected String mandateIssuePlace = null;
+    protected String mandateIssueDate = null;
+    protected String mandateIssueTime = null;
+    protected String simpleMandateContent = null;
+    protected String mandateValidFrom = null;
+    protected String mandateValidTo = null;
+    protected String annotation = null;
+    protected String physicalRepresentativeIdentificationValue = null;
+    protected String physicalRepresentativeIdentificationType = null;
+    protected String physicalRepresentativeGivenName = null;
+    protected String physicalRepresentativeFamilyName = null;
+    protected String physicalRepresentativeBirthDate = null;
+    protected XPath xPath = null;
+
+
+    public MandateContainer(String mandate) throws XPathExpressionException, MOAIDException {
+        xPath = XPathFactory.newInstance().newXPath();
+        HashMap<String, String> prefMap = new HashMap<String, String>() {{
+            put(S2Constants.MANDATE_PREFIX, S2Constants.MANDATE_NS);
+            put(S2Constants.PERSONDATA_PREFIX, S2Constants.PERSONDATA_NS);
+            put(S2Constants.XMLDSIG_PREFIX, S2Constants.XMLDSIG_NS);
+        }};
+
+        SimpleNamespaceContext namespace = new SimpleNamespaceContext(prefMap);
+        xPath.setNamespaceContext(namespace);
+    }
+
+
+    public void validateMandateStructure(String localMethods[]) throws NoSuchMethodException, InvocationTargetException, IllegalAccessException, MOAIDException {
+        for (String localMethod : localMethods) {
+            Method method = this.getClass().getMethod(localMethod);
+            Object x = method.invoke(this);
+            if ((x == null) || x.toString().length() == 0) {
+                throw new MOAIDException("stork.16", new Object[] {localMethod}); // TODO
+            }
+        }
+        Logger.debug("Mandate structure validated");
+    }
+
+
+    public String getMandateIssuePlace() {
+        return mandateIssuePlace;
+    }
+
+    public void setMandateIssuePlace(String mandateIssuePlace) {
+        this.mandateIssuePlace = mandateIssuePlace;
+    }
+
+    public String getMandateIssueDate() {
+        return mandateIssueDate;
+    }
+
+    public void setMandateIssueDate(String mandateIssueDate) {
+        this.mandateIssueDate = mandateIssueDate;
+    }
+
+    public String getMandateIssueTime() {
+        return mandateIssueTime;
+    }
+
+    public void setMandateIssueTime(String mandateIssueTime) {
+        this.mandateIssueTime = mandateIssueTime;
+    }
+
+    public String getSimpleMandateContent() {
+        return simpleMandateContent;
+    }
+
+    public void setSimpleMandateContent(String simpleMandateContent) {
+        this.simpleMandateContent = simpleMandateContent;
+    }
+
+    public String getMandateValidFrom() {
+        return mandateValidFrom;
+    }
+
+    public void setMandateValidFrom(String mandateValidFrom) {
+        this.mandateValidFrom = mandateValidFrom;
+    }
+
+    public String getMandateValidTo() {
+        return mandateValidTo;
+    }
+
+    public void setMandateValidTo(String mandateValidTo) {
+        this.mandateValidTo = mandateValidTo;
+    }
+
+    public String getPhysicalRepresentativeIdentificationValue() {
+        return physicalRepresentativeIdentificationValue;
+    }
+
+    public void setPhysicalRepresentativeIdentificationValue(String physicalRepresentativeIdentificationValue) {
+        this.physicalRepresentativeIdentificationValue = physicalRepresentativeIdentificationValue;
+    }
+
+    public String getPhysicalRepresentativeIdentificationType() {
+        return physicalRepresentativeIdentificationType;
+    }
+
+    public void setPhysicalRepresentativeIdentificationType(String physicalRepresentativeIdentificationType) {
+        this.physicalRepresentativeIdentificationType = physicalRepresentativeIdentificationType;
+    }
+
+    public String getPhysicalRepresentativeGivenName() {
+        return physicalRepresentativeGivenName;
+    }
+
+    public void setPhysicalRepresentativeGivenName(String physicalRepresentativeGivenName) {
+        this.physicalRepresentativeGivenName = physicalRepresentativeGivenName;
+    }
+
+    public String getPhysicalRepresentativeFamilyName() {
+        return physicalRepresentativeFamilyName;
+    }
+
+    public void setPhysicalRepresentativeFamilyName(String physicalRepresentativeFamilyName) {
+        this.physicalRepresentativeFamilyName = physicalRepresentativeFamilyName;
+    }
+
+    public String getPhysicalRepresentativeBirthDate() {
+        return physicalRepresentativeBirthDate;
+    }
+
+    public void setPhysicalRepresentativeBirthDate(String physicalRepresentativeBirthDate) {
+        this.physicalRepresentativeBirthDate = physicalRepresentativeBirthDate;
+    }
+
+    public String getAnnotation() {
+        return annotation;
+    }
+
+    public void setAnnotation(String annotation) {
+        this.annotation = annotation;
+    }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
index a3b3263d6..a4257c387 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java 
@@ -1,25 +1,348 @@  package at.gv.egovernment.moa.id.protocols.stork2;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.data.IAuthData;  import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAttrQueryResponse; +import eu.stork.peps.complex.attributes.*; +import org.apache.xerces.impl.dv.DatatypeException; +import org.w3c.dom.Node;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.Marshaller; +import javax.xml.datatype.DatatypeConfigurationException; +import javax.xml.datatype.DatatypeFactory; +import javax.xml.datatype.XMLGregorianCalendar; +import javax.xml.namespace.QName; +import java.io.StringWriter; +import java.math.BigInteger; +import java.util.ArrayList;  /**   *   */  public class MandateRetrievalRequest implements IAction { + +    private IAuthData authData; +    private MOASTORKRequest moaStorkRequest; +      public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { -        Logger.info("Entering mandateretrievalrequest"); +        Logger.debug("Entering AttributeRequest for MandateProvider"); +        httpResp.reset(); +        
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL()); +        if (oaParam == null) +            throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); + +        MOASTORKResponse moaStorkResponse = new MOASTORKResponse(); +        STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse(); + +        this.authData = authData; + +        if ((req instanceof MOASTORKRequest)) { +            this.moaStorkRequest = (MOASTORKRequest) req; + +        } else { +            return null; // TODO +        } + + +        if (moaStorkRequest.isAttrRequest() && moaStorkRequest.getStorkAttrQueryRequest() != null) { +            MandateContainer mandateContainer = null; + +            try { +                mandateContainer = new CorporateBodyMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8")); +            } catch (Exception ex) { +                try { +                    mandateContainer = new PhyPersonMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8")); +                } catch (Exception ex2) { +                    Logger.error("Could not extract data and create mandate container."); +                    throw new MOAIDException("stork.16", new Object[] {}); // TODO +                } +            } + +            if (mandateContainer instanceof CorporateBodyMandateContainer) { + +            } else if (mandateContainer instanceof PhyPersonMandateContainer) { + +            } + + + + + + +//            moaStorkResponse.setPersonalAttributeList(populateAttributes()); + +            //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); + +            IPersonalAttributeList sourceAttributeList = moaStorkRequest.getStorkAttrQueryRequest().getPersonalAttributeList(); + +            IPersonalAttributeList attributeList = new PersonalAttributeList(); + +            for (PersonalAttribute currentAttribute : sourceAttributeList) { +     
           Logger.debug("Evaluating currentattribute " + currentAttribute.getName()); +                if (currentAttribute.getName().equals("mandateContent")) { +                    MandateContentType mandateContent = getMandateContent(mandateContainer, currentAttribute); +                    attributeList.add(marshallComplexAttribute(currentAttribute, mandateContent)); + +                   // final Marshaller marshaller = JAXBContext.newInstance(MandateContentType.class).createMarshaller(); +                   // marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE); + +                   // StringWriter stringWriter = new StringWriter(); + +                   // marshaller.marshal(new JAXBElement<MandateContentType>(new QName("urn:eu:stork:names:tc:STORK:1.0:assertion", "mandateContent"), MandateContentType.class, null, mandateContent), stringWriter); + +                   // ArrayList<String> value = new ArrayList<String>(); +                   // value.add(stringWriter.toString()); + +                   // PersonalAttribute  mandateContentAttribute = new PersonalAttribute("mandateContent", false, value, "Available"); + +                   // attributeList.add(mandateContentAttribute); +                } else +                if (currentAttribute.getName().equals("representative")) {  //  TODO CHECK +                    RepresentationPersonType representative = getRepresentative(mandateContainer, currentAttribute); +                    attributeList.add(marshallComplexAttribute(currentAttribute, representative)); + +                    //attributeList.add(getRepresentative(mandateContainer, currentAttribute)); +                }  else +                if (currentAttribute.getName().equals("represented")) { +                    //attributeList.add(getRepresented(mandateContainer, currentAttribute)); +                    RepresentationPersonType represented = getRepresented(mandateContainer, currentAttribute); +                    
attributeList.add(marshallComplexAttribute(currentAttribute, represented)); + +                } else +                if (currentAttribute.getName().equals("mandateType")) { +                    //attributeList.add(getMandateType(mandateContainer, currentAttribute)); +                    MandateType mandateType = getMandateType(mandateContainer, currentAttribute); +                    attributeList.add(marshallComplexAttribute(currentAttribute, mandateType)); + +                } + +            } + +            attrResponse.setPersonalAttributeList(attributeList); +            moaStorkResponse.setSTORKAttrResponse(attrResponse); + +            Logger.debug("Attributes " + moaStorkResponse.getStorkAttrQueryResponse().getPersonalAttributeList().size()); + +            // Prepare extended attributes +            Logger.debug("Preparing data container"); + +            // create fresh container +            DataContainer container = new DataContainer(); + +            // - fill in the request we extracted above +            container.setRequest(moaStorkRequest); + +            // - fill in the partial response created above +            container.setResponse(moaStorkResponse); + +            container.setRemoteAddress(httpReq.getRemoteAddr()); + +            Logger.debug("Data container prepared"); + +            // ask for consent if necessary +            if (oaParam.isRequireConsentForStorkAttributes()) +                new ConsentEvaluator().requestConsent(container, httpResp, oaParam); +            else +                new ConsentEvaluator().generateSTORKResponse(httpResp, container); + + +            //return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); +        } + +          return null;  //      } +    private PersonalAttribute marshallComplexAttribute(PersonalAttribute currentAttribute, Object obj) {    // TODO refactor + + +        StringWriter stringWriter = new StringWriter(); +        try { +        if 
(obj instanceof MandateContentType) { +            final Marshaller marshaller = JAXBContext.newInstance(MandateContentType.class).createMarshaller(); +            marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE); +            marshaller.marshal(new JAXBElement<MandateContentType>(new QName("urn:eu:stork:names:tc:STORK:1.0:assertion", currentAttribute.getName()), MandateContentType.class, null, (MandateContentType)obj), stringWriter); +        } else if (obj instanceof MandateType) { +            final Marshaller marshaller = JAXBContext.newInstance(MandateType.class).createMarshaller(); +            marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE); +            marshaller.marshal(new JAXBElement<MandateType>(new QName("urn:eu:stork:names:tc:STORK:1.0:assertion", currentAttribute.getName()), MandateType.class, null, (MandateType)obj), stringWriter); +        } else if (obj instanceof RepresentationPersonType) { +            final Marshaller marshaller = JAXBContext.newInstance(RepresentationPersonType.class).createMarshaller(); +            marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE); +            marshaller.marshal(new JAXBElement<RepresentationPersonType>(new QName("urn:eu:stork:names:tc:STORK:1.0:assertion", currentAttribute.getName()), RepresentationPersonType.class, null, (RepresentationPersonType)obj), stringWriter); +        } + +        } catch (Exception ex) { +            Logger.error("Could not marshall atrribute: " + currentAttribute.getName() + ", " + ex.getMessage()); +            return new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), new ArrayList<String>(), "NotAvailable"); +        } +        ArrayList<String> value = new ArrayList<String>(); +        value.add(stringWriter.toString()); + +        PersonalAttribute  personalAttribute = new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), value, "Available"); + +        
return personalAttribute; +    } + + +    private void populateMandatingData(AuthenticationSession moasession) { +        MandateType mandateType = new MandateType(); +        RepresentationPersonType representationPersonType = new RepresentationPersonType(); +        MandateContentType mandateContentType = new MandateContentType(); +    } + + +    private void populateRepresented(AuthenticationSession moasession) { + +        MandateContainer mc = null; + +        try { +            mc = new CorporateBodyMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8")); +        } catch (Exception ex) { +            Logger.error("CORPORATE ERROR"); +            try { +                mc = new PhyPersonMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8")); +            } catch (Exception ex2) { +                Logger.error("PERSON ERROR"); +            } +        } + +        if (mc instanceof CorporateBodyMandateContainer) { +            Logger.error("Instance of Corp"); +        } else if (mc instanceof PhyPersonMandateContainer) { +            Logger.error("Instance of Phy"); +        } + + +    } + + +    private Node extractChildNode(Node node, String childName) throws MOAIDException { +        if (!node.hasChildNodes()) { +            throw new MOAIDException("stork.11", null); // TODO description +        } +        for (int n = 0; n < node.getChildNodes().getLength(); n++) { +            if (node.getChildNodes().item(n).getNodeName().equals(childName)) { +                return node.getChildNodes().item(n); +            } +        } +        throw new MOAIDException("stork.11", null); // TODO description + +    } + +    private String extractNodeTextContent(Node node, String childName) throws MOAIDException { +        if (!node.hasChildNodes()) { +            throw new MOAIDException("stork.11", null); // TODO description +        } +        for (int n = 0; n < node.getChildNodes().getLength(); n++) { +            if 
(node.getChildNodes().item(n).getNodeName().equals(childName)) { +                return node.getTextContent(); +            } +        } +        throw new MOAIDException("stork.11", null); // TODO description +    } + +    private String mapPowersType(MandateContainer mandateContainer) {    // TODO +         return ""; +    } + +    private String mapCompanyType(MandateContainer mandateContainer) {    // TODO +        return ""; +    } + +    private MandateType getMandateType(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) throws MOAIDException { +        MandateType mandateType = new MandateType(); +        RepresentationPersonType representative = getRepresentative(mandateContainer,  sourceAttribute); +        RepresentationPersonType represented = getRepresented(mandateContainer, sourceAttribute); +        MandateContentType mandateContent = getMandateContent(mandateContainer, sourceAttribute); +        mandateType.setRepresenting(representative); +        mandateType.setRepresented(represented); +        mandateType.setMandateContent(mandateContent); +        Logger.debug("Complex attribute extracted: " + sourceAttribute.getName()); +        return mandateType; +    } + + +    private RepresentationPersonType getRepresentative(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) { +        RepresentationPersonType representative = new RepresentationPersonType(); + +        if (mandateContainer instanceof CorporateBodyMandateContainer) { +            Logger.error("Company as representative not supported"); // TODO + +        } else if (mandateContainer instanceof PhyPersonMandateContainer) { +            PhyPersonMandateContainer phyPersonMandateContainer = (PhyPersonMandateContainer)mandateContainer; +            representative.setEIdentifier(""); // TODO CALCULATE +            representative.setGivenName(phyPersonMandateContainer.getPhysicalRepresentativeGivenName()); +            
representative.setSurname(phyPersonMandateContainer.getPhysicalRepresentativeFamilyName()); +            representative.setDateOfBirth(phyPersonMandateContainer.getPhysicalRepresentativeBirthDate()); +        } + +        Logger.debug("Complex attribute extracted: " + sourceAttribute.getName()); +        return representative; +    } + +    private RepresentationPersonType getRepresented(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) { +        RepresentationPersonType represented = new RepresentationPersonType(); + +        if (mandateContainer instanceof CorporateBodyMandateContainer) { +            CorporateBodyMandateContainer corporateBodyMandateContainer = (CorporateBodyMandateContainer)mandateContainer; +            represented.setELPIdentifier(corporateBodyMandateContainer.getCorpMandatorIdentificationValue()); +            represented.setName(corporateBodyMandateContainer.getCorpMandatorFullName()); +            represented.setAddress(""); +            represented.setCanonicalAddress(new CanonicalAddressType()); +            represented.setType(mapCompanyType(mandateContainer));     // TODO +        } else if (mandateContainer instanceof PhyPersonMandateContainer) { +            PhyPersonMandateContainer phyPersonMandateContainer = (PhyPersonMandateContainer)mandateContainer; +            represented.setEIdentifier(""); // TODO CALCULATE +            represented.setGivenName(phyPersonMandateContainer.getPhyPersMandatorGivenName()); +            represented.setSurname(phyPersonMandateContainer.getPhyPersMandatorFamilyName()); +            represented.setDateOfBirth(phyPersonMandateContainer.getPhyPersMandatorBirthDate()); +        } + +        Logger.debug("Complex attribute extracted: " + sourceAttribute.getName()); + +        return represented; +    } + + +    private MandateContentType getMandateContent(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) throws MOAIDException { +        MandateContentType 
mandateContent = new MandateContentType(); +        try { +            XMLGregorianCalendar validFrom = DatatypeFactory.newInstance().newXMLGregorianCalendar(mandateContainer.getMandateValidFrom()); + +        XMLGregorianCalendar validTo = DatatypeFactory.newInstance().newXMLGregorianCalendar(mandateContainer.getMandateValidTo()); +            mandateContent.setValidFrom(validFrom); +            mandateContent.setValidTo(validTo); +        } catch (DatatypeConfigurationException dte) { +            Logger.error("Error converting data from mandate"); +            throw new MOAIDException("stork.16", new Object[] {}); // TODO + +        } + +        mandateContent.setTransactionLimit(BigInteger.valueOf(0)); // TODO +        mandateContent.setTransactionLimitCurrency("");// TODO +        mandateContent.setIsJoint(""); +        mandateContent.setIschained(false); +        mandateContent.setTypePower(mapPowersType(mandateContainer)); +        Logger.debug("Complex attribute extracted: " + sourceAttribute.getName()); +        return mandateContent; +    } +      public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {          return true;  //      } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java new file mode 100644 index 000000000..c4be57bd3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java 
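Review bot: `getRepresentative` and `getRepresented` fill `RepresentationPersonType` with placeholders — `setEIdentifier("")` under `// TODO CALCULATE`, `setAddress("")`, an empty `CanonicalAddressType`, and for a `CorporateBodyMandateContainer` as representative only `Logger.error("Company as representative not supported")` before an empty object is returned — yet `marshallComplexAttribute` then marks the attribute `"Available"` and it is handed to the service provider as mandate data; until the eIdentifier derivation exists the unsupported branch should fail, `throw new MOAIDException("stork.16", new Object[] {"representative"});` (with `getRepresentative` declaring `throws MOAIDException`), and a value that cannot be populated should produce a `"NotAvailable"` attribute rather than an empty-but-Available one. In `getMandateContent`, `DatatypeFactory.newXMLGregorianCalendar(String)` throws `IllegalArgumentException` for a malformed lexical value, which `catch (DatatypeConfigurationException dte)` does not cover, so a mandate with an odd `validFrom`/`validTo` surfaces as an unhandled runtime exception; catch it in the same block and map it to the same `stork.16` error. In `processRequest`, the `catch (Exception ex)` that falls back from `CorporateBodyMandateContainer` to `PhyPersonMandateContainer` discards the first failure, so a corporate mandate with one missing field is reported as a physical-person parse failure; log `ex.getMessage()` before attempting the fallback. `extractNodeTextContent` returns `node.getTextContent()`, the parent's text, where `node.getChildNodes().item(n).getTextContent()` was evidently meant, though nothing visible in this hunk calls it yet.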
@@ -0,0 +1,113 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+import javanet.staxutils.SimpleNamespaceContext;
+import org.xml.sax.InputSource;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
+import java.io.StringReader;
+import java.util.HashMap;
+
+/**
+ * Physical person representing physical person
+ * @author bsuzic
+ *         Date: 4/30/14, Time: 11:29 AM
+ */
+public class PhyPersonMandateContainer extends MandateContainer {
+
+    private String phyPersMandatorIdentificationValue = null;
+    private String phyPersMandatorIdentificationType = null;
+    private String phyPersMandatorGivenName = null;
+    private String phyPersMandatorFamilyName = null;
+    private String phyPersMandatorBirthDate = null;
+
+    String localMethods[] = new String[]{"getPhyPersMandatorGivenName", "getPhyPersMandatorFamilyName", "getPhyPersMandatorBirthDate", "getPhyPersMandatorIdentificationValue",
+            "getPhyPersMandatorIdentificationType", "getMandateIssuePlace", "getMandateIssueDate", "getMandateIssueTime", "getSimpleMandateContent", "getMandateValidFrom",
+            "getMandateValidTo", "getPhysicalRepresentativeIdentificationValue", "getPhysicalRepresentativeIdentificationType", "getAnnotation",
+            "getPhysicalRepresentativeGivenName", "getPhysicalRepresentativeFamilyName", "getPhysicalRepresentativeBirthDate"
+    };
+
+
+    public PhyPersonMandateContainer(String mandate) throws XPathExpressionException, MOAIDException {
+        super(mandate);
+
+        setAnnotation(xPath.evaluate(S2Constants.MANDATE_ANNOTATION_QUERY, new InputSource(new StringReader(mandate))));
+        setPhyPersMandatorIdentificationType(xPath.evaluate(S2Constants.MANDATE_MANDATOR_PHYPERS_IDTYPE_QUERY, new InputSource(new StringReader(mandate))));
+        setPhyPersMandatorIdentificationValue(xPath.evaluate(S2Constants.MANDATE_MANDATOR_PHYPERS_IDVALUE_QUERY, new InputSource(new StringReader(mandate))));
+        setPhyPersMandatorGivenName(xPath.evaluate(S2Constants.MANDATE_MANDATOR_PHYPERS_GIVENNAME_QUERY, new InputSource(new StringReader(mandate))));
+        setPhyPersMandatorFamilyName(xPath.evaluate(S2Constants.MANDATE_MANDATOR_PHYPERS_FAMILYNAME_QUERY, new InputSource(new StringReader(mandate))));
+        setPhyPersMandatorBirthDate(xPath.evaluate(S2Constants.MANDATE_MANDATOR_PHYPERS_DATEOFBIRTH_QUERY, new InputSource(new StringReader(mandate))));
+        setMandateIssueDate(xPath.evaluate(S2Constants.MANDATE_ISSUEDDATE_QUERY, new InputSource(new StringReader(mandate))));
+        setMandateIssuePlace(xPath.evaluate(S2Constants.MANDATE_ISSUEDPLACE_QUERY, new InputSource(new StringReader(mandate))));
+        setMandateIssueTime(xPath.evaluate(S2Constants.MANDATE_ISSUEDTIME_QUERY, new InputSource(new StringReader(mandate))));
+        setMandateValidFrom(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_VALIDFROM_QUERY, new InputSource(new StringReader(mandate))));
+        setMandateValidTo(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_VALIDTO_QUERY, new InputSource(new StringReader(mandate))));
+        setPhysicalRepresentativeBirthDate(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_DATEOFBIRTH_QUERY, new InputSource(new StringReader(mandate))));
+        setPhysicalRepresentativeFamilyName(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_FAMILYNAME_QUERY, new InputSource(new StringReader(mandate))));
+        setPhysicalRepresentativeGivenName(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_GIVENNAME_QUERY, new InputSource(new StringReader(mandate))));
+        setPhysicalRepresentativeIdentificationType(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_IDTYPE_QUERY, new InputSource(new StringReader(mandate))));
+        setPhysicalRepresentativeIdentificationValue(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_IDVALUE_QUERY, new InputSource(new StringReader(mandate))));
+        setSimpleMandateContent(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_TXTDESC_QUERY, new InputSource(new StringReader(mandate))));
+
+        // check if all necessary fields are present
+        Logger.debug("Starting mandate structure validation");
+        try {
+            validateMandateStructure(localMethods); // TODO
+        } catch (Exception e) {
+            if (e instanceof MOAIDException)  {
+                Logger.error("Could not validate mandate structure.");
+                throw new MOAIDException("stork.16", new Object[] {e.getMessage()}); // TODO
+            } else {
+                Logger.error("Error during mandate structure validation.");
+                throw new MOAIDException("stork.16", new Object[] {e.getMessage()}); // TODO
+            }
+
+        }
+    }
+
+
+
+    public String getPhyPersMandatorGivenName() {
+        return phyPersMandatorGivenName;
+    }
+
+    public void setPhyPersMandatorGivenName(String phyPersMandatorGivenName) {
+        this.phyPersMandatorGivenName = phyPersMandatorGivenName;
+    }
+
+    public String getPhyPersMandatorFamilyName() {
+        return phyPersMandatorFamilyName;
+    }
+
+    public void setPhyPersMandatorFamilyName(String phyPersMandatorFamilyName) {
+        this.phyPersMandatorFamilyName = phyPersMandatorFamilyName;
+    }
+
+    public String getPhyPersMandatorBirthDate() {
+        return phyPersMandatorBirthDate;
+    }
+
+    public void setPhyPersMandatorBirthDate(String phyPersMandatorBirthDate) {
+        this.phyPersMandatorBirthDate = phyPersMandatorBirthDate;
+    }
+
+    public String getPhyPersMandatorIdentificationValue() {
+        return phyPersMandatorIdentificationValue;
+    }
+
+    public void setPhyPersMandatorIdentificationValue(String phyPersMandatorIdentificationValue) {
+        this.phyPersMandatorIdentificationValue = phyPersMandatorIdentificationValue;
+    }
+
+    public String getPhyPersMandatorIdentificationType() {
+        return phyPersMandatorIdentificationType;
+    }
+
+    public void setPhyPersMandatorIdentificationType(String phyPersMandatorIdentificationType) {
+        this.phyPersMandatorIdentificationType = phyPersMandatorIdentificationType;
+    }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/S2Constants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/S2Constants.java
new file mode 100644
index 000000000..e332fbc6a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/S2Constants.java
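Review bot: The `catch (Exception e)` block at the end of the constructor has two branches that do the same thing and both discard the exception: only `e.getMessage()` is forwarded and the throwable is neither chained nor logged, so a failure inside `validateMandateStructure` (inherited from the superclass, outside this file) cannot be diagnosed from the logs. Collapse it to one branch and hand the throwable to the logger, as other code in this commit already does: `} catch (Exception e) { Logger.error("Could not validate mandate structure.", e); throw new MOAIDException("stork.16", new Object[] {e.getMessage()}); }`. Separately, each of the seventeen `xPath.evaluate(..., new InputSource(new StringReader(mandate)))` calls re-parses the mandate text with whatever parser defaults the XPath implementation applies; if the mandate originates from the incoming request, parse it once with a `DocumentBuilderFactory` that has DTD processing and external entities disabled and evaluate the queries against that `Document`. `localMethods` should be `private static final String[]`, and the `SimpleNamespaceContext`, `XPath`, `XPathFactory` and `HashMap` imports appear unused in this file.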
@@ -0,0 +1,40 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+/**
+ * @author bsuzic
+ *         Date: 4/29/14, Time: 5:34 PM
+ */
+public interface S2Constants {
+    public static final String MANDATE_PREFIX = "mandate";
+    public static final String PERSONDATA_PREFIX = "persondata";
+    public static final String XMLDSIG_PREFIX = "xmldsig";
+
+    public static final String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#";
+    public static final String PERSONDATA_NS = "http://reference.e-government.gv.at/namespace/persondata/20020228#";
+    public static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+
+    public static final String MANDATE_ANNOTATION_QUERY = "/mandate:Mandate/mandate:Annotation/text()";
+    public static final String MANDATE_REPRESENTATIVE_PHYPERS_IDVALUE_QUERY = "/mandate:Mandate/mandate:Representative/persondata:PhysicalPerson/persondata:Identification/persondata:Value/text()";
+    public static final String MANDATE_REPRESENTATIVE_PHYPERS_IDTYPE_QUERY = "/mandate:Mandate/mandate:Representative/persondata:PhysicalPerson/persondata:Identification/persondata:Type/text()";
+    public static final String MANDATE_REPRESENTATIVE_PHYPERS_GIVENNAME_QUERY = "/mandate:Mandate/mandate:Representative/persondata:PhysicalPerson/persondata:Name/persondata:GivenName/text()";
+    public static final String MANDATE_REPRESENTATIVE_PHYPERS_FAMILYNAME_QUERY = "/mandate:Mandate/mandate:Representative/persondata:PhysicalPerson/persondata:Name/persondata:FamilyName/text()";
+    public static final String MANDATE_REPRESENTATIVE_PHYPERS_DATEOFBIRTH_QUERY = "/mandate:Mandate/mandate:Representative/persondata:PhysicalPerson/persondata:DateOfBirth/text()";
+    public static final String MANDATE_MANDATOR_CORPBODY_IDVALUE_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:CorporateBody/persondata:Identification/persondata:Value/text()";
+    public static final String MANDATE_MANDATOR_CORPBODY_IDTYPE_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:CorporateBody/persondata:Identification/persondata:Type/text()";
+    public static final String MANDATE_MANDATOR_CORPBODY_FULLNAME_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:CorporateBody/persondata:FullName/text()";
+    public static final String MANDATE_ISSUEDPLACE_QUERY = "/mandate:Mandate/mandate:Issued/mandate:Place/text()";
+    public static final String MANDATE_ISSUEDDATE_QUERY = "/mandate:Mandate/mandate:Issued/mandate:Date/text()";
+    public static final String MANDATE_ISSUEDTIME_QUERY = "/mandate:Mandate/mandate:Issued/mandate:Time/text()";
+    public static final String MANDATE_SIMPLEMANDATECONTENT_TXTDESC_QUERY = "/mandate:Mandate/mandate:SimpleMandateContent/mandate:TextualDescription/text()";
+    public static final String MANDATE_SIMPLEMANDATECONTENT_VALIDFROM_QUERY = "/mandate:Mandate/mandate:SimpleMandateContent/mandate:TimeConstraint/mandate:ValidFrom/text()";
+    public static final String MANDATE_SIMPLEMANDATECONTENT_VALIDTO_QUERY = "/mandate:Mandate/mandate:SimpleMandateContent/mandate:TimeConstraint/mandate:ValidTo/text()";
+
+    public static final String MANDATE_MANDATOR_PHYPERS_IDVALUE_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:PhysicalPerson/persondata:Identification/persondata:Value/text()";
+    public static final String MANDATE_MANDATOR_PHYPERS_IDTYPE_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:PhysicalPerson/persondata:Identification/persondata:Type/text()";
+    public static final String MANDATE_MANDATOR_PHYPERS_GIVENNAME_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:PhysicalPerson/persondata:Name/persondata:GivenName/text()";
+    public static final String MANDATE_MANDATOR_PHYPERS_FAMILYNAME_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:PhysicalPerson/persondata:Name/persondata:FamilyName/text()";
+    public static final String MANDATE_MANDATOR_PHYPERS_DATEOFBIRTH_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:PhysicalPerson/persondata:DateOfBirth/text()";
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 8c63b8cb1..ed9c45126 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -64,10 +64,46 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         Logger.debug("Initiating action: " + action);
         MOASTORKRequest STORK2Request = new MOASTORKRequest();
+        MOASTORKResponse STORK2Response = new MOASTORKResponse();
-		if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action))
+
+        if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action))
 			return STORK2Request;
+
+        if (request.getParameter("SAMLResponse") != null) {        // TODO check attribute collector
+            //extract STORK Response from HTTP Request
+            byte[] decSamlToken;
+            try {
+                decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
+            } catch (NullPointerException e) {
+                if (request.getRemoteHost().contains("129.27.142")) {
+                    Logger.warn("Availability check by " + request.getRemoteHost() + " on URI: " + request.getRequestURI());
+                } else {
+                    Logger.error("Unable to retrieve STORK Request for host: " + request.getRemoteHost() + " and URI: " + request.getRequestURI(), e);
+                }
+                throw new MOAIDException("stork.04", null);
+            }
+
+            //Get SAMLEngine instance
+            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+
+            STORKAuthnResponse authnResponse = null;
+
+
+            // check if valid authn request is contained
+            try {
+                authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, request.getRemoteAddr());
+            } catch (STORKSAMLEngineException ex) {
+                Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage());
+            }
+
+            STORK2Response.setSTORKAuthnResponseToken(decSamlToken);
+
+            return STORK2Response;
+
+        }   else  if (request.getParameter("SAMLRequest") != null)  {
+
         //extract STORK Response from HTTP Request
         byte[] decSamlToken;
         try {
@@ -87,6 +123,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         STORKAuthnRequest authnRequest = null;
         STORKAttrQueryRequest attrRequest = null;
+
         // check if valid authn request is contained
         try {
             authnRequest = engine.validateSTORKAuthnRequest(decSamlToken);
@@ -113,6 +150,9 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         return STORK2Request;
+        } else {
+            throw new MOAIDException("stork.14", null);  // TODO Specify message
+            }
     }
     public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 72fb8cf27..5b2e7ce3d 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -130,7 +130,7 @@ validator.08=Das Manifest ist ung\u00FCltig
 validator.09=Die \u00F6ffentlichen Schl\u00FCssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat \u00FCberein
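Review bot: In the first hunk a `STORKSAMLEngineException` from `engine.validateSTORKAuthnResponse(...)` is only logged, `authnResponse` is never read afterwards, and the decoded but unvalidated `decSamlToken` is still stored via `setSTORKAuthnResponseToken` and returned, so a SAMLResponse that fails validation continues into the flow unless something outside this hunk validates it again. Fail closed the way the decode path already does: `Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage(), ex); throw new MOAIDException("stork.04", null); // TODO dedicated message key`, and either carry `authnResponse` on `STORK2Response` or drop the unused variable. The `catch (NullPointerException e)` around `decodeSAMLToken` combined with the `getRemoteHost().contains("129.27.142")` test hard-codes one deployment's monitoring host into the protocol handler and relies on a substring match against a possibly reverse-resolved name; an explicit empty-parameter check before decoding and a configured allow-list for the availability probe would be more robust. The enclosing method's signature lies outside the hunk, and the copied comment `// check if valid authn request is contained` should say response here. Hunks two and three raise nothing further.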
  validator.10=Anzahl der URLs zur Authentisierungskomponente ung\u00FCltig {0}
 -validator.11="Gesch�ftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
 +validator.11="Gesch\\u00E4ftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
  validator.12=Der Namespace des SAML-Attributs "Gesch\\u00E4ftsbereich" ist ung\u00FCltig {0}
  validator.13=Das Target des 'Gesch\u00E4ftsbereichs' ist ung\u00FCltig {0}
  validator.14="OA" wurde nicht in den SAML-Attributen gefunden {0}
@@ -138,7 +138,6 @@ validator.15=Der Namespace des SAML-Attributs "OA" ist ung\u00FCltig {0}
 validator.16=Die vorkonfigurierte URL der OnlineApplikation ist fehlerhaft {0}
  validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ung\u00FCltig {0}
 -#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als g�ltiger SubjectDN-Name f�r eine Personenbindung konfiguriert. <b>{0}</b> wurde NICHT in der Konfiguration gefunden
  validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zul\u00E4ssig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enth?lt das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen".
  validator.19=Das verwendete Zertifikat zum Signieren ist ung\u00FCltig.<br>{0}
@@ -244,5 +243,5 @@ oauth20.04=Die Art der Anmeldung wird nicht unterstuetzt
 oauth20.05=Der angegebene Benutzer ist nicht berechtigt
  oauth20.06=Die angegebene OA kann nicht verwendet werden
  oauth20.07=Angeforderter grant_type ist nicht erlaubt
 -oauth20.08=Nicht berechtigt f�r Token-Request
 +oauth20.08=Nicht berechtigt f\u00FCr Token-Request
  oauth20.09=Zertifikat fuer JSON Web-Token ist falsch konfiguriert. Fehler bei "{0}"
 diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java index 2354d0eb1..ea7c0e475 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java @@ -112,7 +112,7 @@ public final class STORKAuthnRequest implements Serializable, Cloneable {     * @param nAlias The SP's Certificate Alias.     */    public void setAlias(final String nAlias) { -    this.alias = nAlias; +      this.alias = nAlias;    }    /** | 
