From 078c7784e9e278bd5fdd96465a38558776cacb04 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 4 Aug 2014 12:57:39 +0200
Subject: MOA federation with USP   - add some initial methodes

---
 .../id/auth/builder/AuthenticationDataBuilder.java | 72 ++++++++++++----------
 .../moa/id/entrypoints/DispatcherServlet.java      |  2 +-
 .../pvp2x/utils/AssertionAttributeExtractor.java   | 14 +++++
 3 files changed, 54 insertions(+), 34 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 17d6898ee..ddcc6e1d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -39,6 +39,7 @@ import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeQuery;
 import org.opensaml.saml2.core.AttributeStatement;
 import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusResponseType;
 import org.opensaml.ws.soap.common.SOAPException;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.SecurityException;
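Review bot: The added `import org.opensaml.saml2.core.StatusResponseType;` is not referenced by any line this commit adds to AuthenticationDataBuilder, so as far as the diff shows it is an unused import. Drop it, or if it is intended for the USP attribute-parsing work still marked TODO in the later hunk, add it together with that code so the import does not linger unexplained.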
@@ -76,6 +77,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExt
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
@@ -239,11 +241,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 				attributs = reqQueryAttr;
 				
 			//IDP is a service provider IDP and request interfederated IDP to collect attributes				
-			} else {
-				
-				//TODO: check if response include attributes and map this attributes to requested attributes
-				//TODO: insert code to parse Attributes from AuthnRespones for USP --> Zustelldienst
-				
+			} else {												
 				//get PVP 2.1 attributes from protocol specific requested attributes
 				attributs = req.getRequestedAttributes();
 				
@@ -255,44 +253,52 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 				Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix());
 				throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null);
 			}
+
+			
+			//TODO: check if response include attributes and map this attributes to requested attributes
+			//TODO: insert code to parse Attributes from AuthnRespones for USP --> Zustelldienst
+			Response intfResp = (Response) req.getInterfederationResponse().getResponse();
+			AssertionAttributeExtractor extractor = 
+					new AssertionAttributeExtractor(intfResp);			
 						
-			//build attributQuery request
-			AttributeQuery query = 
-					AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
+			if (!extractor.containsAllRequiredAttributes()) {			
+				//build attributQuery request
+				AttributeQuery query = 
+						AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
 			
-			//build SOAP request				
-			List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
+				//build SOAP request				
+				List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
 			
-			if (xmlObjects.size() == 0) {
-				Logger.error("Receive emptry AttributeQuery response-body.");
-				throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null);
+				if (xmlObjects.size() == 0) {
+					Logger.error("Receive emptry AttributeQuery response-body.");
+					throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null);
 				
-			}
+				}
 			
-			if (xmlObjects.get(0) instanceof Response) {
-				Response intfResp = (Response) xmlObjects.get(0);
+				if (xmlObjects.get(0) instanceof Response) {
+					intfResp = (Response) xmlObjects.get(0);
 				
-				//validate PVP 2.1 response
-				try {
-					SAMLVerificationEngine engine = new SAMLVerificationEngine();
-					engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+					//validate PVP 2.1 response
+					try {
+						SAMLVerificationEngine engine = new SAMLVerificationEngine();
+						engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
 				
-					SAMLVerificationEngine.validateAssertion(intfResp, false);
+						SAMLVerificationEngine.validateAssertion(intfResp, false);
 					
-				} catch (Exception e) {
-					Logger.warn("PVP 2.1 assertion validation FAILED.", e);
-					throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e);
-				}
-				
-				//parse response information to authData
-				buildAuthDataFormInterfederationResponse(authdata, session, intfResp);
-								
-			} else {
-				Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
-				throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null);
+					} catch (Exception e) {
+						Logger.warn("PVP 2.1 assertion validation FAILED.", e);
+						throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e);
+					}
+												
+				} else {
+					Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
+					throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null);
 				
+				}
 			}
-										 						
+			//parse response information to authData
+			buildAuthDataFormInterfederationResponse(authdata, session, intfResp);			
+			
 		} catch (SOAPException e) {
 			throw new BuildException("builder.06", null, e);
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 0d34fcb87..1e38bd4ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -269,7 +269,7 @@ public class DispatcherServlet extends AuthServlet{
 							info = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
 							moduleAction = info.getAction(protocolRequest.requestedAction());
 
-							//create interfederated mOASession
+							//create interfederated MOASession
 							String sessionID = 
 									AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId);
 							req.getParameterMap().put(PARAM_SESSIONID, sessionID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index ee0088576..9aadfdc28 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
 import java.util.List;
 
 import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnStatement;
 import org.opensaml.saml2.core.Response;
@@ -54,6 +55,19 @@ public class AssertionAttributeExtractor {
 			throw new AssertionAttributeExtractorExeption();		
 	}
 
+	public boolean containsAllRequiredAttributes() {
+		//TODO: add default attribute list
+		return containsAllRequiredAttributes(null);
+		
+	}
+	
+	public boolean containsAllRequiredAttributes(List<Attribute> attributs) {		
+		//TODO: add validation		
+		return false;
+		
+	}
+	
+	
 	public String getNameID() throws AssertionAttributeExtractorExeption {		
 		if (assertion.getSubject() != null) {
 			Subject subject = assertion.getSubject();
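Review bot: `containsAllRequiredAttributes(List<Attribute> attributs)` unconditionally returns false and the no-arg overload passes `null`, and neither is documented, so a caller cannot tell that the result is a placeholder rather than a real check. Returning false is the safe default here, since callers then fall back to an AttributeQuery, and that intent deserves a Javadoc on the overload such as `/** Placeholder: always returns false until attribute validation is implemented, so callers always fall back to an AttributeQuery. */`. The no-arg overload should pass an empty list (e.g. `Collections.emptyList()`) instead of `null` so the eventual implementation never has to special-case a null argument. The rest of the class is outside the hunk.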
-- 
cgit v1.2.3