From 639017a14904323c0eb2cd5d8cccf65ad8f2a841 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 11 Feb 2014 10:33:48 +0100 Subject: sketched stork attribute provider framework --- .../id/protocols/stork2/AttributeCollector.java | 70 +++++++++++++++++++ .../moa/id/protocols/stork2/AttributeProvider.java | 32 +++++++++ .../id/protocols/stork2/AuthenticationRequest.java | 19 +++++- .../moa/id/protocols/stork2/DataContainer.java | 79 ++++++++++++++++++++++ .../moa/id/protocols/stork2/STORKProtocol.java | 1 + .../stork2/UnsupportedAttributeException.java | 7 ++ 6 files changed, 205 insertions(+), 3 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/UnsupportedAttributeException.java diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java new file mode 100644 index 000000000..fbc959cc4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -0,0 +1,70 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins. + * The class is called whenever the {@link AuthenticationRequest} Action is invoked and checks for missing attributes. + * Furthermore, the class can handle direct posts. That is when the class triggers an attribute query which needs user + * interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes. + * + * TODO how do we treat mandatory and optional attributes? + * + */ +public class AttributeCollector implements IAction { + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) + */ + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + // check if we have a STORKAttributeResponse in the request + // - no, how did we get here? + // yes, we got a recent requested attribute + // - find the attribute provider plugin that can handle the response + // - fetch the container + DataContainer container = new DataContainer(); + // - insert the embedded attribute(s) into the container + + // see if we need some more attributes + return processRequest(container); + } + + /** + * Checks if there are missing attributes and tries to fetch them. If there are no more attribute to fetch, + * this very method creates and sends the protocol result to the asking S-PEPS. + * + * @param container the {@link DataContainer} representing the status of the overall query. + * @return the string + */ + public String processRequest(DataContainer container) { + // check if there are attributes we need to fetch + // for each attribute still missing + // - check if we can find a suitable AttributeProvider Plugin + // - hand over control to the suitable plugin + // - add the aquired attribute to the container + // build response + // done + return "12345"; // AssertionId + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + // this action does not need any authentication. The authentication is already done by the preceeding AuthenticationRequest-Action. + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() + */ + public String getDefaultActionName() { + return STORKProtocol.ATTRIBUTE_COLLECTOR; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java new file mode 100644 index 000000000..2e4f2d8c5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -0,0 +1,32 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import javax.activation.UnsupportedDataTypeException; +import javax.servlet.http.HttpServletRequest; + +import eu.stork.peps.auth.commons.PersonalAttribute; + +/** + * An {@link AttributeProvider} can fetch a set of stork attributes. It might complete the query within one method call, + * but might also need to redirect to another webservice to accomplish its task. + */ +public interface AttributeProvider { + + /** + * Acquire the specified attribute. Returns {@code null} when attribute retrieval is in progress, but requires for + * for redirecting the user to an external service. Use {@link AttributeProvider#parse(HttpServletRequest)} to parse + * the response. + * + * @param attributeName the attribute name + * @return the personal attribute + * @throws UnsupportedDataTypeException when the provider cannot acquire the specified attribute + */ + public PersonalAttribute acquire(String attributeName) throws UnsupportedAttributeException; + + /** + * Parses the response we got from the external attribute provider. + * + * @param httpReq the http req + * @return the personal attribute + */ + public PersonalAttribute parse(HttpServletRequest httpReq); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 7e80273ca..1f6ffaa9a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -4,6 +4,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; @@ -81,9 +82,21 @@ public class AuthenticationRequest implements IAction { //httpResp.setStatus(200); //VPEPSInboundPostHandler - - - return "12345"; // AssertionId + + // create fresh container + DataContainer container = new DataContainer(); + + // - fill in the request we extracted above + container.setRequest(request); + + // - fill in the partial response created above + container.setResponse(response); + + // - memorize the target url were we have to return the result + container.setTarget(target); + + // see if we need to fetch further attributes + return (new AttributeCollector()).processRequest(container); } public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java new file mode 100644 index 000000000..40c827ef8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java @@ -0,0 +1,79 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.io.Serializable; + +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse; + +// TODO: Auto-generated Javadoc +/** + * Holds info about an ongoing but yet incomplete stork authnrequest process. + */ +public class DataContainer implements Serializable { + + /** The Constant serialVersionUID. */ + private static final long serialVersionUID = -8765997480582363012L; + + /** The incoming request. */ + private STORKAuthnRequest request; + + /** The yet incomplete response. */ + private STORKAuthnResponse response; + + /** The target. */ + private String target; + + /** + * Gets the request. + * + * @return the request + */ + public STORKAuthnRequest getRequest() { + return request; + } + + /** + * Sets the request. + * + * @param request the new request + */ + public void setRequest(STORKAuthnRequest request) { + this.request = request; + } + + /** + * Gets the response. + * + * @return the response + */ + public STORKAuthnResponse getResponse() { + return response; + } + + /** + * Sets the response. + * + * @param response the new response + */ + public void setResponse(STORKAuthnResponse response) { + this.response = response; + } + + /** + * Gets the target. + * + * @return the target + */ + public String getTarget() { + return target; + } + + /** + * Sets the target. + * + * @param target the new target + */ + public void setTarget(String target) { + this.target = target; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 2e42a0d75..323d9ba8e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -36,6 +36,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { public static final String PATH = "id_stork2"; public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; + public static final String ATTRIBUTE_COLLECTOR = "AttributeCollector"; private static HashMap actions = new HashMap(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/UnsupportedAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/UnsupportedAttributeException.java new file mode 100644 index 000000000..9447c079f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/UnsupportedAttributeException.java @@ -0,0 +1,7 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +public class UnsupportedAttributeException extends Exception { + + private static final long serialVersionUID = -7720066381435378111L; + +} -- cgit v1.2.3 From 95ea36e8b84de119165ce8c14fc5c1e9facd797f Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 11 Feb 2014 11:01:32 +0100 Subject: added ap logic #1 --- .../id/protocols/stork2/AttributeCollector.java | 38 +++++++++++++++++++--- .../stork2/DemoNoRedirectAttributeProvider.java | 32 ++++++++++++++++++ 2 files changed, 66 insertions(+), 4 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index fbc959cc4..b93b31b49 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -1,12 +1,19 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import java.util.ArrayList; +import java.util.List; + import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; + /** * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins. * The class is called whenever the {@link AuthenticationRequest} Action is invoked and checks for missing attributes. @@ -17,6 +24,14 @@ import javax.servlet.http.HttpServletResponse; * */ public class AttributeCollector implements IAction { + + private ArrayList attributeProviders; + + public AttributeCollector() { + // TODO generate from config + attributeProviders = new ArrayList(); + attributeProviders.add(new DemoNoRedirectAttributeProvider()); + } /* (non-Javadoc) @@ -44,10 +59,25 @@ public class AttributeCollector implements IAction { */ public String processRequest(DataContainer container) { // check if there are attributes we need to fetch - // for each attribute still missing - // - check if we can find a suitable AttributeProvider Plugin - // - hand over control to the suitable plugin - // - add the aquired attribute to the container + List missingAttributes = new ArrayList(); + try { + // for each attribute still missing + + for(String currentAttribute : missingAttributes) { + // - check if we can find a suitable AttributeProvider Plugin + for(AttributeProvider currentProvider : attributeProviders) { + // - hand over control to the suitable plugin + PersonalAttribute aquiredAttribute = currentProvider.acquire(currentAttribute); + + // - add the aquired attribute to the container + container.getResponse().getPersonalAttributeList().add(aquiredAttribute); + } + } + } catch(UnsupportedAttributeException e) { + // TODO + // memorize the container again + return "12345"; // TODO what to do here? + } // build response // done return "12345"; // AssertionId diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java new file mode 100644 index 000000000..23afc2544 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -0,0 +1,32 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.util.ArrayList; + +import javax.servlet.http.HttpServletRequest; + +import eu.stork.peps.auth.commons.PersonalAttribute; + +/** + * Just a simple demoprovider who can fetch any attribute you ask him. + */ +public class DemoNoRedirectAttributeProvider implements AttributeProvider { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) + */ + @Override + public PersonalAttribute acquire(String attributeName) + throws UnsupportedAttributeException { + return new PersonalAttribute("sepp", true, new ArrayList(), ""); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) + */ + @Override + public PersonalAttribute parse(HttpServletRequest httpReq) { + // TODO Auto-generated method stub + return null; + } + +} -- cgit v1.2.3 From 366d0f285e0e1a2fa89e512d91f349488cbc82d9 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 11 Feb 2014 13:15:14 +0100 Subject: find missing attributes --- .../gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index b93b31b49..e74cf4e8b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -59,10 +59,15 @@ public class AttributeCollector implements IAction { */ public String processRequest(DataContainer container) { // check if there are attributes we need to fetch + IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); + IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); List missingAttributes = new ArrayList(); + for(PersonalAttribute current : requestAttributeList) + if(!responseAttributeList.containsKey(current)) + missingAttributes.add(current.getName()); + try { // for each attribute still missing - for(String currentAttribute : missingAttributes) { // - check if we can find a suitable AttributeProvider Plugin for(AttributeProvider currentProvider : attributeProviders) { -- cgit v1.2.3 From d8302a2f7f3aae63593cd55bf0d5d4a4f9e5f55a Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 12 Feb 2014 11:37:06 +0100 Subject: sketched redirecting ap plugin --- .../id/protocols/stork2/AttributeCollector.java | 46 +++++++++++++++++----- .../moa/id/protocols/stork2/AttributeProvider.java | 2 +- .../stork2/AttributeRequestOngoingException.java | 5 +++ .../stork2/DemoRedirectAttributeProvider.java | 31 +++++++++++++++ .../resources/properties/id_messages_de.properties | 1 + 5 files changed, 74 insertions(+), 11 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index e74cf4e8b..93204f2ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -7,10 +7,14 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.logging.Logger; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; + import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -30,6 +34,7 @@ public class AttributeCollector implements IAction { public AttributeCollector() { // TODO generate from config attributeProviders = new ArrayList(); + attributeProviders.add(new DemoRedirectAttributeProvider()); attributeProviders.add(new DemoNoRedirectAttributeProvider()); } @@ -56,8 +61,9 @@ public class AttributeCollector implements IAction { * * @param container the {@link DataContainer} representing the status of the overall query. * @return the string + * @throws MOAIDException */ - public String processRequest(DataContainer container) { + public String processRequest(DataContainer container) throws MOAIDException { // check if there are attributes we need to fetch IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); @@ -71,18 +77,38 @@ public class AttributeCollector implements IAction { for(String currentAttribute : missingAttributes) { // - check if we can find a suitable AttributeProvider Plugin for(AttributeProvider currentProvider : attributeProviders) { - // - hand over control to the suitable plugin - PersonalAttribute aquiredAttribute = currentProvider.acquire(currentAttribute); + try { + // - hand over control to the suitable plugin + PersonalAttribute aquiredAttribute = currentProvider.acquire(currentAttribute); + + // - add the aquired attribute to the container + container.getResponse().getPersonalAttributeList().add(aquiredAttribute); + } catch(UnsupportedAttributeException e) { + // ok, try the next attributeprovider + } - // - add the aquired attribute to the container - container.getResponse().getPersonalAttributeList().add(aquiredAttribute); } } - } catch(UnsupportedAttributeException e) { - // TODO - // memorize the container again - return "12345"; // TODO what to do here? - } + } catch (AttributeRequestOngoingException e) { + // the attribute request is ongoing and requires an external service. + try { + // memorize the container again + // - generate new key + String newArtifactId = new SecureRandomIdentifierGenerator() + .generateIdentifier(); + + // - put container in temporary store. + AssertionStorage.getInstance().put(newArtifactId, container); + + // TODO - add container-key to httpresponse + } catch (Exception e1) { + // TODO should we return the response as is to the PEPS? + Logger.error("Error putting incomplete Stork response into temporary storage", e); + throw new MOAIDException("stork.11", null); + } + + return "12345"; // TODO what to do here? + } // build response // done return "12345"; // AssertionId diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index 2e4f2d8c5..fd35b0c71 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -20,7 +20,7 @@ public interface AttributeProvider { * @return the personal attribute * @throws UnsupportedDataTypeException when the provider cannot acquire the specified attribute */ - public PersonalAttribute acquire(String attributeName) throws UnsupportedAttributeException; + public PersonalAttribute acquire(String attributeName) throws UnsupportedAttributeException, AttributeRequestOngoingException; /** * Parses the response we got from the external attribute provider. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java new file mode 100644 index 000000000..be5a53f34 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java @@ -0,0 +1,5 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +public class AttributeRequestOngoingException extends Exception { + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java new file mode 100644 index 000000000..f44fbed07 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -0,0 +1,31 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.util.ArrayList; + +import javax.servlet.http.HttpServletRequest; + +import eu.stork.peps.auth.commons.PersonalAttribute; + +/** + * Just a simple demoprovider who can fetch any attribute you ask him. + */ +public class DemoRedirectAttributeProvider implements AttributeProvider { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) + */ + @Override + public PersonalAttribute acquire(String attributeName) + throws UnsupportedAttributeException, AttributeRequestOngoingException { + throw new AttributeRequestOngoingException(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) + */ + @Override + public PersonalAttribute parse(HttpServletRequest httpReq) { + return new PersonalAttribute("sepp", true, new ArrayList(), ""); + } + +} diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index a6c0601e4..d6995a98e 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -202,6 +202,7 @@ stork.07=Es existiert kein STORK AuthnRequest f\u00FCr diese STORK Response stork.08=STORK SAML Assertion Validierung fehlgeschlagen stork.09=Fehler beim \u00FCberpr\u00FCfen der STORK B\u00FCrgerInnen Signatur stork.10=Fehler in der Verbindung zum SZR-Gateway +stork.11=Fehler beim Sammeln von StorkAttributen pvp2.00={0} ist kein gueltiger consumer service index pvp2.01=Fehler beim kodieren der PVP2 Antwort -- cgit v1.2.3 From a330b17e3ddc93181c8142b7c0ae871af528157f Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 17:47:53 +0100 Subject: added ap logic #2 --- .../moa/id/protocols/stork2/AttributeCollector.java | 6 ++++-- .../moa/id/protocols/stork2/AttributeProvider.java | 14 +++++++++++--- .../protocols/stork2/AttributeRequestOngoingException.java | 5 ----- .../protocols/stork2/DemoNoRedirectAttributeProvider.java | 5 +++++ .../id/protocols/stork2/DemoRedirectAttributeProvider.java | 13 +++++++++++-- .../stork2/ExternalAttributeRequestRequiredException.java | 14 ++++++++++++++ 6 files changed, 45 insertions(+), 12 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 93204f2ab..30f7d3df2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -89,7 +89,7 @@ public class AttributeCollector implements IAction { } } - } catch (AttributeRequestOngoingException e) { + } catch (ExternalAttributeRequestRequiredException e) { // the attribute request is ongoing and requires an external service. try { // memorize the container again @@ -100,7 +100,9 @@ public class AttributeCollector implements IAction { // - put container in temporary store. AssertionStorage.getInstance().put(newArtifactId, container); - // TODO - add container-key to httpresponse + // add container-key to redirect embedded within the return URL + // TODO find correct returnURL + e.getAp().performRedirect("returnURL"); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index fd35b0c71..2c024e822 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import javax.activation.UnsupportedDataTypeException; import javax.servlet.http.HttpServletRequest; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -18,10 +17,18 @@ public interface AttributeProvider { * * @param attributeName the attribute name * @return the personal attribute - * @throws UnsupportedDataTypeException when the provider cannot acquire the specified attribute + * @throws UnsupportedAttributeException the unsupported attribute exception + * @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done */ - public PersonalAttribute acquire(String attributeName) throws UnsupportedAttributeException, AttributeRequestOngoingException; + public PersonalAttribute acquire(String attributeName) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException; + /** + * Perform redirect. + * + * @param url the return URL ending with ?artifactId=... + */ + public void performRedirect(String url); + /** * Parses the response we got from the external attribute provider. * @@ -29,4 +36,5 @@ public interface AttributeProvider { * @return the personal attribute */ public PersonalAttribute parse(HttpServletRequest httpReq); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java deleted file mode 100644 index be5a53f34..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java +++ /dev/null @@ -1,5 +0,0 @@ -package at.gv.egovernment.moa.id.protocols.stork2; - -public class AttributeRequestOngoingException extends Exception { - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java index 23afc2544..978fa635c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -29,4 +29,9 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { return null; } + @Override + public void performRedirect(String url) { + // we should not get here + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java index f44fbed07..13b113711 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -16,8 +16,8 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { */ @Override public PersonalAttribute acquire(String attributeName) - throws UnsupportedAttributeException, AttributeRequestOngoingException { - throw new AttributeRequestOngoingException(); + throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { + throw new ExternalAttributeRequestRequiredException(this); } /* (non-Javadoc) @@ -28,4 +28,13 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { return new PersonalAttribute("sepp", true, new ArrayList(), ""); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) + */ + @Override + public void performRedirect(String url) { + // TODO Auto-generated method stub + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java new file mode 100644 index 000000000..29b09487b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java @@ -0,0 +1,14 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +public class ExternalAttributeRequestRequiredException extends Exception { + private AttributeProvider ap; + + public ExternalAttributeRequestRequiredException(AttributeProvider provider) { + ap = provider; + } + + public AttributeProvider getAp() { + return ap; + } + +} -- cgit v1.2.3 From dcb3a469f10ef2d30d34c50983224db9d9fd85c6 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 17:55:17 +0100 Subject: refactor magic strings to constants --- .../moa/id/protocols/stork2/AttributeCollector.java | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 30f7d3df2..0025307dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -29,8 +29,15 @@ import eu.stork.peps.auth.commons.PersonalAttribute; */ public class AttributeCollector implements IAction { + /** The Constant ARTIFACT_ID. */ + private static final String ARTIFACT_ID = "artifactId"; + private ArrayList attributeProviders; + /** The return url. */ + // TODO find correct return URL + private String returnUrl = "findCorrectReturnURL"; + public AttributeCollector() { // TODO generate from config attributeProviders = new ArrayList(); @@ -101,8 +108,7 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL - // TODO find correct returnURL - e.getAp().performRedirect("returnURL"); + e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); @@ -120,7 +126,7 @@ public class AttributeCollector implements IAction { * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { - // this action does not need any authentication. The authentication is already done by the preceeding AuthenticationRequest-Action. + // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action. return false; } -- cgit v1.2.3 From f3149ae480fac3e12f9a98cba07d11e297cf39f0 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 18:01:30 +0100 Subject: fetch DataContainer from AssertionStore --- .../moa/id/protocols/stork2/AttributeCollector.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 0025307dd..b333fb4fe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -5,6 +5,7 @@ import java.util.List; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; @@ -55,7 +56,14 @@ public class AttributeCollector implements IAction { // yes, we got a recent requested attribute // - find the attribute provider plugin that can handle the response // - fetch the container - DataContainer container = new DataContainer(); + String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); + DataContainer container; + try { + container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); + } catch (MOADatabaseException e) { + Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); + throw new MOAIDException("stork.11", null); + } // - insert the embedded attribute(s) into the container // see if we need some more attributes -- cgit v1.2.3 From d3099d4ec685e68c25a9198760f8d1661678a85f Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 19:05:48 +0100 Subject: hand AP response to plugin and add result to assertion --- .../moa/id/protocols/stork2/AttributeCollector.java | 19 +++++++++++++++++++ .../moa/id/protocols/stork2/AttributeProvider.java | 3 ++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index b333fb4fe..91b09795f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -55,6 +55,23 @@ public class AttributeCollector implements IAction { // - no, how did we get here? // yes, we got a recent requested attribute // - find the attribute provider plugin that can handle the response + PersonalAttribute newAttribute = null; + for (AttributeProvider current : attributeProviders) + try { + newAttribute = current.parse(httpReq); + } catch (UnsupportedAttributeException e1) { + // the current provider cannot find anything familiar within the + // provided httpreq. Try the next one. + } + + if (null == newAttribute) { + // we do not have a provider which is capable of fetching something + // from the received httpreq. + // TODO should we continue with the next attribute? + Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); + throw new MOAIDException("stork.11", null); + } + // - fetch the container String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); DataContainer container; @@ -64,7 +81,9 @@ public class AttributeCollector implements IAction { Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); throw new MOAIDException("stork.11", null); } + // - insert the embedded attribute(s) into the container + container.getResponse().getPersonalAttributeList().add(newAttribute); // see if we need some more attributes return processRequest(container); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index 2c024e822..c554485ee 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -34,7 +34,8 @@ public interface AttributeProvider { * * @param httpReq the http req * @return the personal attribute + * @throws UnsupportedAttributeException if the provider cannot find anything familiar in the provided httpReq */ - public PersonalAttribute parse(HttpServletRequest httpReq); + public PersonalAttribute parse(HttpServletRequest httpReq) throws UnsupportedAttributeException; } -- cgit v1.2.3 From de54a0683a626679df1c110253c8b5ff986ecb71 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 20:24:46 +0100 Subject: added http request and responses to attributeprovider methods --- .../egovernment/moa/id/protocols/stork2/AttributeCollector.java | 6 +++--- .../egovernment/moa/id/protocols/stork2/AttributeProvider.java | 9 +++++++-- .../moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java | 3 ++- .../moa/id/protocols/stork2/DemoRedirectAttributeProvider.java | 3 ++- 4 files changed, 14 insertions(+), 7 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 91b09795f..810b4ae7a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -86,7 +86,7 @@ public class AttributeCollector implements IAction { container.getResponse().getPersonalAttributeList().add(newAttribute); // see if we need some more attributes - return processRequest(container); + return processRequest(container, httpResp); } /** @@ -97,7 +97,7 @@ public class AttributeCollector implements IAction { * @return the string * @throws MOAIDException */ - public String processRequest(DataContainer container) throws MOAIDException { + public String processRequest(DataContainer container, HttpServletResponse response) throws MOAIDException { // check if there are attributes we need to fetch IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); @@ -135,7 +135,7 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId); + e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId, response); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index c554485ee..5ca3bd7e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -1,6 +1,9 @@ package at.gv.egovernment.moa.id.protocols.stork2; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -26,8 +29,9 @@ public interface AttributeProvider { * Perform redirect. * * @param url the return URL ending with ?artifactId=... + * @param resp the response to the preceding request */ - public void performRedirect(String url); + public void performRedirect(String url, HttpServletResponse resp); /** * Parses the response we got from the external attribute provider. @@ -35,7 +39,8 @@ public interface AttributeProvider { * @param httpReq the http req * @return the personal attribute * @throws UnsupportedAttributeException if the provider cannot find anything familiar in the provided httpReq + * @throws MOAIDException if something went wrong */ - public PersonalAttribute parse(HttpServletRequest httpReq) throws UnsupportedAttributeException; + public PersonalAttribute parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java index 978fa635c..51663ed38 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.util.ArrayList; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -30,7 +31,7 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { } @Override - public void performRedirect(String url) { + public void performRedirect(String url, HttpServletResponse response) { // we should not get here } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java index 13b113711..fad049763 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.util.ArrayList; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -32,7 +33,7 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) */ @Override - public void performRedirect(String url) { + public void performRedirect(String url, HttpServletResponse response) { // TODO Auto-generated method stub } -- cgit v1.2.3 From c51df468a54912264b0774396ab622f9fa092cf4 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 20:44:00 +0100 Subject: APprovider can return multiple attributes --- .../moa/id/protocols/stork2/AttributeCollector.java | 20 +++++++++++--------- .../moa/id/protocols/stork2/AttributeProvider.java | 11 +++++++---- .../stork2/DemoNoRedirectAttributeProvider.java | 10 +++++++--- .../stork2/DemoRedirectAttributeProvider.java | 10 +++++++--- 4 files changed, 32 insertions(+), 19 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 810b4ae7a..2e9072f0d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -55,16 +55,16 @@ public class AttributeCollector implements IAction { // - no, how did we get here? // yes, we got a recent requested attribute // - find the attribute provider plugin that can handle the response - PersonalAttribute newAttribute = null; + IPersonalAttributeList newAttributes = null; for (AttributeProvider current : attributeProviders) try { - newAttribute = current.parse(httpReq); + newAttributes = current.parse(httpReq); } catch (UnsupportedAttributeException e1) { // the current provider cannot find anything familiar within the // provided httpreq. Try the next one. } - if (null == newAttribute) { + if (null == newAttributes) { // we do not have a provider which is capable of fetching something // from the received httpreq. // TODO should we continue with the next attribute? @@ -83,7 +83,8 @@ public class AttributeCollector implements IAction { } // - insert the embedded attribute(s) into the container - container.getResponse().getPersonalAttributeList().add(newAttribute); + for(PersonalAttribute current : newAttributes) + container.getResponse().getPersonalAttributeList().add(current); // see if we need some more attributes return processRequest(container, httpResp); @@ -101,22 +102,23 @@ public class AttributeCollector implements IAction { // check if there are attributes we need to fetch IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); - List missingAttributes = new ArrayList(); + List missingAttributes = new ArrayList(); for(PersonalAttribute current : requestAttributeList) if(!responseAttributeList.containsKey(current)) - missingAttributes.add(current.getName()); + missingAttributes.add(current); try { // for each attribute still missing - for(String currentAttribute : missingAttributes) { + for(PersonalAttribute currentAttribute : missingAttributes) { // - check if we can find a suitable AttributeProvider Plugin for(AttributeProvider currentProvider : attributeProviders) { try { // - hand over control to the suitable plugin - PersonalAttribute aquiredAttribute = currentProvider.acquire(currentAttribute); + IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute); // - add the aquired attribute to the container - container.getResponse().getPersonalAttributeList().add(aquiredAttribute); + for(PersonalAttribute current : aquiredAttributes) + container.getResponse().getPersonalAttributeList().add(current); } catch(UnsupportedAttributeException e) { // ok, try the next attributeprovider } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index 5ca3bd7e1..e1f5620a8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -1,10 +1,13 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import java.util.List; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; /** @@ -18,12 +21,12 @@ public interface AttributeProvider { * for redirecting the user to an external service. Use {@link AttributeProvider#parse(HttpServletRequest)} to parse * the response. * - * @param attributeName the attribute name + * @param attributes the list of attributes to be acquired * @return the personal attribute * @throws UnsupportedAttributeException the unsupported attribute exception * @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done */ - public PersonalAttribute acquire(String attributeName) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException; + public IPersonalAttributeList acquire(PersonalAttribute attributes) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException; /** * Perform redirect. @@ -37,10 +40,10 @@ public interface AttributeProvider { * Parses the response we got from the external attribute provider. * * @param httpReq the http req - * @return the personal attribute + * @return a list of attributes * @throws UnsupportedAttributeException if the provider cannot find anything familiar in the provided httpReq * @throws MOAIDException if something went wrong */ - public PersonalAttribute parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException; + public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java index 51663ed38..a38cfed96 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -5,7 +5,9 @@ import java.util.ArrayList; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; /** * Just a simple demoprovider who can fetch any attribute you ask him. @@ -16,16 +18,18 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ @Override - public PersonalAttribute acquire(String attributeName) + public IPersonalAttributeList acquire(PersonalAttribute attributeName) throws UnsupportedAttributeException { - return new PersonalAttribute("sepp", true, new ArrayList(), ""); + PersonalAttributeList requestedAttributes = new PersonalAttributeList(1); + requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList(), "")); + return requestedAttributes; } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ @Override - public PersonalAttribute parse(HttpServletRequest httpReq) { + public IPersonalAttributeList parse(HttpServletRequest httpReq) { // TODO Auto-generated method stub return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java index fad049763..a9e2cf358 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -5,7 +5,9 @@ import java.util.ArrayList; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; /** * Just a simple demoprovider who can fetch any attribute you ask him. @@ -16,7 +18,7 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ @Override - public PersonalAttribute acquire(String attributeName) + public IPersonalAttributeList acquire(PersonalAttribute attributeName) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { throw new ExternalAttributeRequestRequiredException(this); } @@ -25,8 +27,10 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ @Override - public PersonalAttribute parse(HttpServletRequest httpReq) { - return new PersonalAttribute("sepp", true, new ArrayList(), ""); + public IPersonalAttributeList parse(HttpServletRequest httpReq) { + PersonalAttributeList requestedAttributes = new PersonalAttributeList(1); + requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList(), "")); + return requestedAttributes; } /* (non-Javadoc) -- cgit v1.2.3 From f9889e63f9263c2d1fc24c9103025d16ee471a79 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 20:51:15 +0100 Subject: added Stork AttributeQuery APProvider --- .../id/protocols/stork2/AttributeCollector.java | 2 + .../stork2/StorkAttributeRequestProvider.java | 45 ++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 2e9072f0d..4eb874d8f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -37,11 +37,13 @@ public class AttributeCollector implements IAction { /** The return url. */ // TODO find correct return URL + // HTTPUtils.getBaseURL(req); private String returnUrl = "findCorrectReturnURL"; public AttributeCollector() { // TODO generate from config attributeProviders = new ArrayList(); + attributeProviders.add(new StorkAttributeRequestProvider()); attributeProviders.add(new DemoRedirectAttributeProvider()); attributeProviders.add(new DemoNoRedirectAttributeProvider()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java new file mode 100644 index 000000000..1862bdbe9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -0,0 +1,45 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; + +/** + * creates a STORK attribute request for a configurable set of attributes + */ +public class StorkAttributeRequestProvider implements AttributeProvider { + + private PersonalAttributeList requestedAttributes; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) + */ + @Override + public IPersonalAttributeList acquire(PersonalAttribute attribute) + throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { + requestedAttributes = new PersonalAttributeList(1); + requestedAttributes.add(attribute); + throw new ExternalAttributeRequestRequiredException(this); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) + */ + @Override + public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) + */ + @Override + public void performRedirect(String url, HttpServletResponse resp) { + + } + +} -- cgit v1.2.3 From 6ac37f0acfb232d64607d685c0ad7f11fe581df0 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 20:52:19 +0100 Subject: StorkAPprovider can parse a stork response --- .../stork2/StorkAttributeRequestProvider.java | 33 +++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index 1862bdbe9..fbb430362 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -4,9 +4,14 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAttrQueryResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; /** * creates a STORK attribute request for a configurable set of attributes @@ -31,7 +36,33 @@ public class StorkAttributeRequestProvider implements AttributeProvider { */ @Override public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException { - return null; + Logger.debug("Beginning to extract SAMLResponse out of HTTP Request"); + + //extract STORK Response from HTTP Request + //Decodes SAML Response + byte[] decSamlToken; + try { + decSamlToken = PEPSUtil.decodeSAMLToken(httpReq.getParameter("SAMLResponse")); + } catch(NullPointerException e) { + Logger.error("Unable to retrieve STORK Response", e); + throw new MOAIDException("stork.04", null); + } + + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + + STORKAttrQueryResponse attrResponse = null; + try { + //validate SAML Token + Logger.debug("Starting validation of SAML response"); + attrResponse = engine.validateSTORKAttrQueryResponse(decSamlToken, (String) httpReq.getRemoteHost()); + Logger.info("SAML response succesfully verified!"); + }catch(STORKSAMLEngineException e){ + Logger.error("Failed to verify STORK SAML Response", e); + throw new MOAIDException("stork.05", null); + } + + return attrResponse.getPersonalAttributeList(); } /* (non-Javadoc) -- cgit v1.2.3 From ab303539da5d60a2e12c07b30b997c010155d0b6 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 20:56:37 +0100 Subject: parse reports unsupported data properly now --- .../moa/id/protocols/stork2/StorkAttributeRequestProvider.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index fbb430362..32b0bb334 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -35,7 +35,7 @@ public class StorkAttributeRequestProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ @Override - public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException { + public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException { Logger.debug("Beginning to extract SAMLResponse out of HTTP Request"); //extract STORK Response from HTTP Request @@ -44,8 +44,7 @@ public class StorkAttributeRequestProvider implements AttributeProvider { try { decSamlToken = PEPSUtil.decodeSAMLToken(httpReq.getParameter("SAMLResponse")); } catch(NullPointerException e) { - Logger.error("Unable to retrieve STORK Response", e); - throw new MOAIDException("stork.04", null); + throw new UnsupportedAttributeException(); } //Get SAMLEngine instance -- cgit v1.2.3 From 0e19ab212b9c652401937ba3a2a4b415c010eeb4 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Feb 2014 11:23:42 +0100 Subject: StorkAPProvider can issue an attribute query draft --- .../id/protocols/stork2/AttributeCollector.java | 6 +- .../moa/id/protocols/stork2/AttributeProvider.java | 6 +- .../stork2/StorkAttributeRequestProvider.java | 71 +++++++++++++++++++++- 3 files changed, 76 insertions(+), 7 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 4eb874d8f..8ccaa35de 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -89,7 +89,7 @@ public class AttributeCollector implements IAction { container.getResponse().getPersonalAttributeList().add(current); // see if we need some more attributes - return processRequest(container, httpResp); + return processRequest(container, httpReq, httpResp); } /** @@ -100,7 +100,7 @@ public class AttributeCollector implements IAction { * @return the string * @throws MOAIDException */ - public String processRequest(DataContainer container, HttpServletResponse response) throws MOAIDException { + public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response) throws MOAIDException { // check if there are attributes we need to fetch IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); @@ -139,7 +139,7 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId, response); + e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index e1f5620a8..117a1f6b4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -1,7 +1,5 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import java.util.List; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -32,9 +30,11 @@ public interface AttributeProvider { * Perform redirect. * * @param url the return URL ending with ?artifactId=... + * @param citizenCountyCode the citizen county code + * @param req the request we got from the S-PEPS and for which we have to ask our APs * @param resp the response to the preceding request */ - public void performRedirect(String url, HttpServletResponse resp); + public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp); /** * Parses the response we got from the external attribute provider. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index 32b0bb334..90b1a0180 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -1,15 +1,31 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import java.io.StringWriter; +import java.util.ArrayList; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; + import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.commons.STORKAttrQueryResponse; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; @@ -19,6 +35,9 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException; public class StorkAttributeRequestProvider implements AttributeProvider { private PersonalAttributeList requestedAttributes; + + /** The destination. */ + private String destination; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) @@ -68,8 +87,58 @@ public class StorkAttributeRequestProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) */ @Override - public void performRedirect(String url, HttpServletResponse resp) { + public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp) { + OAAuthParameter oaParam; + + String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); + String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); + String spApplication = spInstitution; + String spCountry = "AT"; + + //generate AuthnRquest + STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest(); + attributeRequest.setDestination(destination); + attributeRequest.setAssertionConsumerServiceURL(url); + attributeRequest.setIssuer(HTTPUtils.getBaseURL(req)); + attributeRequest.setQaa(oaParam.getQaaLevel()); + attributeRequest.setSpInstitution(spInstitution); + attributeRequest.setCountry(spCountry); + attributeRequest.setSpApplication(spApplication); + attributeRequest.setSpSector(spSector); + attributeRequest.setPersonalAttributeList(requestedAttributes); + + attributeRequest.setCitizenCountryCode(citizenCountryCode); + + + Logger.debug("STORK AttrRequest succesfully assembled."); + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP"); + try { + attributeRequest = samlEngine.generateSTORKAttrQueryRequest(attributeRequest); + } catch (STORKSAMLEngineException e) { + Logger.error("Could not sign STORK SAML AttrRequest.", e); + throw new MOAIDException("stork.00", null); + } + + Logger.info("STORK AttrRequest successfully signed!"); + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); + VelocityContext context = new VelocityContext(); + context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(attributeRequest.getTokenSaml())); + context.put("action", destination); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e) { + Logger.error("Error sending STORK SAML AttrRequest.", e); + throw new MOAIDException("stork.11", null); + } } } -- cgit v1.2.3 From 3f388c8862a4543d8c7f791e5ff47090d533aa0c Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Feb 2014 14:55:17 +0100 Subject: added attribute collector action to protocol and urlrewrite --- id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml | 4 ++++ .../java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java | 1 + 2 files changed, 5 insertions(+) diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index f8fdcaffc..563ee04dd 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -56,6 +56,10 @@ ^/stork2/StartAuthentication$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + + ^/stork2/ResumeAuthentication$ + /dispatcher?mod=id_stork2&action=AttributeCollector&%{query-string} + ^/stork2/SendPEPSAuthnRequest$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 323d9ba8e..318a8fc9c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -43,6 +43,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { static { actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); + actions.put(ATTRIBUTE_COLLECTOR, new AttributeCollector()); instance = new STORKProtocol(); } -- cgit v1.2.3 From 5304a281d530abbe2aa57dc2583bc72d7988c949 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Feb 2014 14:57:42 +0100 Subject: config gui for vidp mockups --- .../data/oa/AttributeProviderPlugin.java | 24 +++++++++++++++++ .../id/configuration/data/oa/OASTORKConfig.java | 12 +++++++++ .../main/resources/applicationResources.properties | 8 +++++- id/ConfigWebTool/src/main/webapp/js/common.js | 11 ++++++++ .../src/main/webapp/jsp/editOAGeneral.jsp | 30 ++++++++++++++++++++++ 5 files changed, 84 insertions(+), 1 deletion(-) create mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java new file mode 100644 index 000000000..275bc81c4 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeProviderPlugin.java @@ -0,0 +1,24 @@ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import at.gv.egovernment.moa.id.protocols.stork2.StorkAttributeRequestProvider; + +public class AttributeProviderPlugin { + private String url = "demourl"; + private Class plugin = StorkAttributeRequestProvider.class; + + public String getUrl() { + return url; + } + + public void setUrl(String url) { + this.url = url; + } + + public Class getPlugin() { + return plugin; + } + + public void setPlugin(Class plugin) { + this.plugin = plugin; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index da07b10b0..f084115c4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -126,4 +126,16 @@ public class OASTORKConfig { public void setHelperAttributes(List attributes) { this.attributes = attributes; } + + + public List getAttributeProviderPlugins() { + List result = new ArrayList(); + result.add(new AttributeProviderPlugin()); + + return result; + } + + public boolean isVidpEnabled() { + return true; + } } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 4a99ab664..313f9f2be 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -198,7 +198,8 @@ webpages.oaconfig.menu.pvp2.show=PVP2 Konfiguration einblenden webpages.oaconfig.menu.pvp2.hidden=PVP2 Konfiguration ausblenden webpages.oaconfig.menu.oauth20.show=OAuth 2.0 Konfiguration einblenden webpages.oaconfig.menu.oauth20.hidden=OAuth 2.0 Konfiguration ausblenden - +webpages.oaconfig.menu.vidp.show=VIDP Konfiguration einblenden +webpages.oaconfig.menu.vidp.hidden=VIDP Konfiguration ausblenden webpages.oaconfig.menu.stork=STORK Konfiguration @@ -258,6 +259,11 @@ webpages.oaconfig.oauth20.clientId=Client ID webpages.oaconfig.oauth20.clientSecret=Client Passwort webpages.oaconfig.oauth20.redirectUri=Redirect Uri +webpages.oaconfig.vidp.enabled=VIDP interface aktiv +webpages.oaconfig.vidp.ap.new=Neuen Attribut Provider erstellen +webpages.oaconfig.vidp.ap.remove=Entfernen +webpages.oaconfig.vidp.ap.list=Liste der konfigurierten Attribut Provider + message.title=Meldung: webpages.oaconfig.success=Die Online-Applikation {0} konnte erfolgreich gespeichert werden. diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index 384e40509..d9089243f 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -51,6 +51,17 @@ function oaStork() { $('#stork_block').css('display', "none"); } } +function oaVIDP() { + if ($('#oa_vidp_area').css('display') == "block") { + $('#oa_vidp_area').css('display', "none"); + $('#button_vidp_show').css('display', "block"); + $('#button_vidp_hidden').css('display', "none"); + } else { + $('#oa_vidp_area').css('display', "block"); + $('#button_vidp_show').css('display', "none"); + $('#button_vidp_hidden').css('display', "block"); + } +} function oaSAML1() { if ($('#oa_saml1_area').css('display') == "block") { $('#oa_saml1_area').css('display', "none"); diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 4e8dfc259..18d703eae 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -340,6 +340,13 @@ + + +