From 921a14d46078fba6ee66addd9b0c40ae82081f9c Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Wed, 12 Mar 2014 09:54:39 +0100
Subject: sketched consent collector

---
 .../id/protocols/stork2/AttributeCollector.java    |  80 +---
 .../moa/id/protocols/stork2/ConsentEvaluator.java  | 149 +++++++
 .../moa/id/protocols/stork2/STORKProtocol.java     |   4 +-
 .../resources/properties/id_messages_de.properties |   1 +
 .../resources/templates/stork2_consent.html        | 444 +++++++++++++++++++++
 5 files changed, 598 insertions(+), 80 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
 create mode 100644 id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 9cd825fc8..5d972ba00 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -148,12 +148,7 @@ public class AttributeCollector implements IAction {
 					// else, update any existing attributes
 					addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes);
             }
-
-            // build response
-            generateSTORKResponse(container);
-
-            // set new http response
-            generateRedirectResponse(response, container);
+            	new ConsentEvaluatorSepp().requestConsent(container, response, oaParam);
 
             return "12345"; // AssertionId
 
@@ -185,79 +180,6 @@ public class AttributeCollector implements IAction {
         }
     }
 
-    /**
-     * generates binary response from given response class.
-     *
-     * @param container the container
-     * @throws MOAIDException the mOAID exception
-     */
-    private void generateSTORKResponse(DataContainer container) throws MOAIDException {
-    	MOASTORKRequest request = container.getRequest();
-        MOASTORKResponse response = container.getResponse();
-
-        try {
-            //Get SAMLEngine instance
-            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-            Logger.debug("Starting generation of SAML response");
-			if(response.isAuthnResponse())
-				response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false));
-			else
-				response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false));
-				
-            //generateSAML Token
-            Logger.info("SAML response succesfully generated!");
-        } catch (STORKSAMLEngineException e) {
-            Logger.error("Failed to generate STORK SAML Response", e);
-            throw new MOAIDException("stork.05", null);
-        }
-
-        Logger.info("STORK SAML Response message succesfully generated ");
-    }
-
-    /**
-     * writes the storkresponse to the httpresponse using the velocity engine.
-     *
-     * @param httpResp the http resp
-     * @param container the container
-     */
-    private void generateRedirectResponse(HttpServletResponse httpResp, DataContainer container) {
-        MOASTORKResponse authnResponse = container.getResponse();
-        MOASTORKRequest authnRequest = container.getRequest();
-
-        // preparing redirection for the client
-        try {
-            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
-            VelocityContext context = new VelocityContext();
-            
-            byte[] blob;
-			if(authnRequest.isAttrRequest())
-            	blob = authnResponse.getStorkAttrQueryResponse().getTokenSaml();
-            else
-            	blob = authnResponse.getStorkAuthnResponse().getTokenSaml();
-
-            context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob));
-            Logger.debug("SAMLResponse original: " + new String(blob));
-
-            Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL());
-            context.put("action", authnRequest.getAssertionConsumerServiceURL());
-            Logger.debug("Starting template merge");
-            StringWriter writer = new StringWriter();
-
-            Logger.debug("Doing template merge");
-            template.merge(context, writer);
-            Logger.debug("Template merge done");
-
-            Logger.debug("Sending html content: " + writer.getBuffer().toString());
-            Logger.debug("Sending html content2  : " + new String(writer.getBuffer()));
-
-            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
-
-        } catch (Exception e) {
-            Logger.error("Velocity error: " + e.getMessage());
-        }
-    }
-    
     /**
      * Adds or updates all {@link PersonalAttribute} objects given in {@code source} to/in {@code target}.
      *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
new file mode 100644
index 000000000..9745d81c5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -0,0 +1,149 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import java.io.StringWriter;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * The ConsentEvaluator assists with fetching user consent on the list of attributes to be sent to the asking S-PEPS.
+ */
+public class ConsentEvaluator implements IAction {
+
+    /**
+     * The Constant ARTIFACT_ID.
+     */
+    private static final String ARTIFACT_ID = "artifactId";
+
+    /* (non-Javadoc)
+     * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
+     */
+    public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+
+		// - fetch the container
+		String artifactId = (String) httpReq.getParameter(ARTIFACT_ID);
+		DataContainer container;
+		try {
+			container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
+		} catch (MOADatabaseException e) {
+			Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
+			throw new MOAIDException("stork.17", null);
+		}
+
+		// TODO evaluate response
+
+        // build and send response
+        generateSTORKResponse(httpResp, container);
+        
+        return "12345"; // AssertionId
+    }
+
+	/**
+	 * Fills the given HttpResponse with the required web page.
+	 *
+	 * @param container the container
+	 * @param response the response
+	 * @param oaParam the oa param
+	 * @return the string
+	 * @throws MOAIDException the mOAID exception
+	 */
+	public String requestConsent(DataContainer container, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException {
+		// prepare redirect
+
+		// ask for consent
+
+		return "12345"; // AssertionId
+	}
+
+    /**
+     * generates binary response from given response class and fill the given HttpResponse with a SAML Post Binding template.
+     *
+     * @param httpResp the http resp
+     * @param container the container
+     * @throws MOAIDException the mOAID exception
+     */
+    public void generateSTORKResponse(HttpServletResponse httpResp, DataContainer container) throws MOAIDException {
+    	MOASTORKRequest request = container.getRequest();
+        MOASTORKResponse response = container.getResponse();
+
+        try {
+            //Get SAMLEngine instance
+            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+            Logger.debug("Starting generation of SAML response");
+			if(response.isAuthnResponse())
+				response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false));
+			else
+				response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false));
+				
+            //generateSAML Token
+            Logger.info("SAML response succesfully generated!");
+        } catch (STORKSAMLEngineException e) {
+            Logger.error("Failed to generate STORK SAML Response", e);
+            throw new MOAIDException("stork.05", null);
+        }
+
+        Logger.info("STORK SAML Response message succesfully generated ");
+
+        // preparing redirection for the client
+        try {
+            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+            VelocityContext context = new VelocityContext();
+            
+            byte[] blob;
+			if(request.isAttrRequest())
+            	blob = response.getStorkAttrQueryResponse().getTokenSaml();
+            else
+            	blob = response.getStorkAuthnResponse().getTokenSaml();
+
+            context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob));
+            Logger.debug("SAMLResponse original: " + new String(blob));
+
+            Logger.debug("Putting assertion consumer url as action: " + request.getAssertionConsumerServiceURL());
+            context.put("action", request.getAssertionConsumerServiceURL());
+            Logger.debug("Starting template merge");
+            StringWriter writer = new StringWriter();
+
+            Logger.debug("Doing template merge");
+            template.merge(context, writer);
+            Logger.debug("Template merge done");
+
+            Logger.debug("Sending html content: " + writer.getBuffer().toString());
+            Logger.debug("Sending html content2  : " + new String(writer.getBuffer()));
+
+            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+
+        } catch (Exception e) {
+            Logger.error("Velocity error: " + e.getMessage());
+        }
+    }
+
+    /* (non-Javadoc)
+     * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+     */
+    public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+    	// this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action.
+        return false;
+    }
+
+    /* (non-Javadoc)
+     * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+     */
+    public String getDefaultActionName() {
+        return STORKProtocol.CONSENT_EVALUATOR;
+    }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index e415daf3e..b1c923b9f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -26,12 +26,14 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
     public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
     public static final String ATTRIBUTE_COLLECTOR = "AttributeCollector";
     public static final String MANDATERETRIEVALREQUEST = "MandateRetrievalRequest";
+	public static final String CONSENT_EVALUATOR = "ConsentEvaluator";
 
     private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
 
     static {
         actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
         actions.put(ATTRIBUTE_COLLECTOR, new AttributeCollector());
+        actions.put(CONSENT_EVALUATOR, new ConsentEvaluatorSepp());
     }
 
     public String getName() {
@@ -63,7 +65,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
 
         MOASTORKRequest STORK2Request = new MOASTORKRequest();
 
-		if (AttributeCollector.class.getSimpleName().equals(action))
+		if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluatorSepp.class.getSimpleName().equals(action))
 			return STORK2Request;
 
         //extract STORK Response from HTTP Request
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index f6a296fde..d45abbf1c 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -211,6 +211,7 @@ stork.13=Fehler beim Sammeln eines Attributes in einem AttributProviderPlugin
 stork.14=Es wurde weder Authentifizierungs/  noch Attributerequest empfangen
 stork.15=Unbekannte request.
 stork.16=Ein Attribute aus zwei verschiedenen Quellen unterscheidet sich\: {0}
+stork.17=Fehler beim Einholen der Zustimmung für Attribut\u00FCbertragung durch den Benutzer
 
 pvp2.00={0} ist kein gueltiger consumer service index
 pvp2.01=Fehler beim kodieren der PVP2 Antwort
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html b/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html
new file mode 100644
index 000000000..2ad03e34e
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html
@@ -0,0 +1,444 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+
+   <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
+    <style type="text/css">
+			@media screen and (min-width: 650px) {
+			
+				body {
+					margin:0;
+					padding:0;
+					color : #000;
+					background-color : #fff;
+			  	text-align: center;
+			  	background-color: #6B7B8B;
+				}
+        
+        #bku_header h2 {
+          font-size: 0.8em;
+        } 
+        
+        
+			  #page {
+			    display: block;
+			    border: 2px solid rgb(0,0,0);
+			    width: 650px;
+			    height: 460px;
+			    margin: 0 auto;
+			    margin-top: 5%;
+			    position: relative;
+			    border-radius: 25px;
+			    background: rgb(255,255,255);
+			  }
+			  
+			  #page1 {
+			    text-align: center;
+			  }
+			  
+			  #main {
+			    /*	clear:both; */
+				  position:relative;
+			    margin: 0 auto;
+			    width: 250px;
+			    text-align: center;
+			  }
+			  
+			  .OA_header {
+			/*	  background-color: white;*/
+			    font-size: 20pt;
+			    margin-bottom: 25px;
+			    margin-top: 25px;
+			  }
+			
+			  #leftcontent {
+			    /*float:left; */
+				  width:250px;
+				  margin-bottom: 25px;
+			    text-align: left;
+			    border: 1px solid rgb(0,0,0);
+			  }
+			  			  
+			  #selectArea {
+				 font-size: 15px;
+				 padding-bottom: 65px;
+			  }
+			
+			  #leftcontent {
+				 width: 300px;
+				 margin-top: 30px;
+			  }
+			
+        #bku_header {
+          height: 5%;
+          padding-bottom: 3px;
+          padding-top: 3px;
+        }
+      
+        #bkulogin {
+				  overflow:auto;	
+          min-width: 190px;
+          height: 260px;
+			  }
+      
+        h2#tabheader{
+				  font-size: 1.1em; 
+          padding-left: 2%;
+          padding-right: 2%;
+          position: relative;
+			  }
+        		  
+			  .setAssertionButton_full {
+			  	background: #efefef;
+				  cursor: pointer;
+				  margin-top: 15px;
+			    width: 100px;
+			    height: 30px
+			  }
+			
+			  #leftbutton  {
+				 width: 30%; 
+				 float:left; 
+				 margin-left: 40px;
+			  }
+			
+			  #rightbutton {
+				 width: 30%; 
+				 float:right; 
+				 margin-right: 45px; 
+				 text-align: right;
+			  }
+        
+        button {
+          height: 25px;
+          width: 75px;
+          margin-bottom: 10px;
+        }
+        
+       #validation {
+        position: absolute;
+        bottom: 0px;
+        margin-left: 270px;
+        padding-bottom: 10px;
+      }
+			
+			}
+
+      @media screen and (max-width: 205px) {        
+        #bku_header h2 {
+          font-size: 0.8em;
+          margin-top: -0.4em;
+          padding-top: 0.4em;
+        }
+        
+        #bkulogin {
+        min-height: 150px;
+        } 
+      }
+
+      @media screen and (max-width: 249px) and (min-width: 206px) {        
+        #bku_header h2 {
+          font-size: 0.9em;
+          margin-top: -0.45em;
+          padding-top: 0.45em;
+        }
+        
+        #bkulogin {
+          height: 180px;
+        }  
+      }
+
+      @media screen and (max-width: 299px) and (min-width: 250px) {
+        #bku_header h2 {
+          font-size: 1.1em;
+          margin-top: -0.55em;
+          padding-top: 0.55em;
+        } 
+      }
+      
+      @media screen and (max-width: 649px) and (min-width: 400px) {
+        #bku_header h2 {
+          font-size: 1.3em;
+          margin-top: -0.65em;
+          padding-top: 0.65em;
+        } 
+      }
+
+
+			
+			@media screen and (max-width: 649px) {
+				
+        body {
+					margin:0;
+					padding:0;
+					color : #000;
+			  	text-align: center;
+          font-size: 100%;
+			  	background-color: #MAIN_BACKGOUNDCOLOR#;
+				}
+        				
+			  #page {
+			     visibility: hidden;
+			     margin-top: 0%;
+			  }
+			  
+			  #page1 {
+			    visibility: hidden;
+			  }
+			  
+			  #main {
+			    visibility: hidden;
+			  }
+        
+        #validation {
+          visibility: hidden;
+          display: none;
+        }
+			  
+			  .OA_header {
+			    margin-bottom: 0px;
+			    margin-top: 0px;
+			    font-size: 0pt;
+			    visibility: hidden;
+			  }
+			
+			  #leftcontent {
+			    visibility: visible;
+			    margin-bottom: 0px;
+			    text-align: left;
+			    border:none;
+          vertical-align: middle;
+          min-height: 173px;
+          min-width: 204px;
+          
+			  }
+			  
+        #bku_header {
+          height: 10%;
+          min-height: 1.2em;
+          margin-top: 1%;
+        }
+        
+        h2#tabheader{
+          padding-left: 2%;
+          padding-right: 2%;
+          position: relative;
+          top: 50%;
+			  }
+        
+       	#bkulogin {	
+          min-width: 190px;
+          height: 155px;	
+			 }
+        
+			 .setAssertionButton_full {
+			     	background: #efefef;
+				    cursor: pointer;
+				    margin-top: 15px;
+			      width: 70px;
+			      height: 25px;
+			 }
+       
+        input[type=button] {
+/*          height: 11%;  */
+          width: 70%;
+        }
+			}
+			      
+			* {
+				margin: 0;
+				padding: 0;
+        font-family: #FONTTYPE#;
+			}
+							      			
+			#selectArea {
+				padding-top: 10px;
+				padding-bottom: 55px;
+				padding-left: 10px;
+			}
+			
+			.setAssertionButton {
+				background: #efefef;
+				cursor: pointer;
+				margin-top: 15px;
+			  width: 70px;
+			  height: 25px;
+			}
+			
+			#leftbutton  {
+				width: 35%; 
+				float:left; 
+				margin-left: 15px;
+			}
+			
+			#rightbutton {
+				width: 35%; 
+				float:right; 
+				margin-right: 25px; 
+				text-align: right;
+			}
+      
+      .verticalcenter {
+        vertical-align: middle;
+      }
+      
+			input {
+				/*border:1px solid #000;*/
+				cursor: pointer;
+			}
+      
+
+			#installJava, #BrowserNOK {
+				clear:both;
+				font-size:0.8em;
+				padding:4px;
+			}
+						
+			.selectText{
+			
+			}
+			
+			.selectTextHeader{
+			
+			}
+			
+			.sendButton {
+        width: 30%;
+        margin-bottom: 1%;	
+			}
+			
+			#leftcontent a {
+				text-decoration:none; 
+				color: #000;
+			/*	display:block;*/
+				padding:4px;	
+			}
+			
+			#leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
+				text-decoration:underline;
+				color: #000;	
+			}
+						
+			.infobutton {
+				background-color: #005a00;
+				color: white;
+				font-family: serif;
+				text-decoration: none;
+				padding-top: 2px;
+				padding-right: 4px;
+				padding-bottom: 2px;
+				padding-left: 4px;
+				font-weight: bold;
+			}
+			
+			.hell {
+				background-color : #MAIN_BACKGOUNDCOLOR#;
+        color: #MAIN_COLOR#;	
+			}
+			
+			.dunkel {
+				background-color: #HEADER_BACKGROUNDCOLOR#;
+        color: #HEADER_COLOR#;
+			}
+			      
+			.main_header {
+			   color: black;
+			    font-size: 32pt;
+			    position: absolute;
+			    right: 10%;
+			    top: 40px;
+				
+			}
+			
+			#controls {
+				text-align: right;
+			}
+      			                        
+    </style>       
+<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
+<script type="text/javascript">
+		function isIE() {
+			return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
+		}
+		function isFullscreen() {
+			try {
+				return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
+			} catch (e) {
+				return false;
+			}
+		}
+		function isActivexEnabled() {
+			var supported = null;
+			try {
+				supported = !!new ActiveXObject("htmlfile");
+			} catch (e) {
+				supported = false;
+			}
+			return supported;
+		}
+		function generateIFrame(iFrameURL) {
+			var el = document.getElementById("bkulogin");
+      var width = el.clientWidth;
+      var heigth = el.clientHeight - 20;
+			var parent = el.parentNode;
+            
+      iFrameURL += "&heigth=" + heigth;
+      iFrameURL += "&width=" + width;
+      
+			var iframe = document.createElement("iframe");
+			iframe.setAttribute("src", iFrameURL);
+			iframe.setAttribute("width", el.clientWidth - 1);
+			iframe.setAttribute("height", el.clientHeight - 1);
+			iframe.setAttribute("frameborder", "0");
+			iframe.setAttribute("scrolling", "no");
+			iframe.setAttribute("title", "Login");
+			parent.replaceChild(iframe, el);
+		}
+		function onChangeChecks() {
+      if (top.innerWidth < 650) {
+         document.getElementById("moaidform").setAttribute("target","_parent");
+      } else {
+         document.getElementById("moaidform").removeAttribute("target");
+      }
+      
+    }
+	</script>
+<title>#HEADER_TEXT#</title>
+</head>
+<body onload="onChangeChecks();" onresize="onChangeChecks();">
+	<div id="page">
+		<div id="page1" class="case selected-case" role="main">
+			<h2 class="OA_header" role="heading">STORK Informationsfreigabe</h2>
+			<div id="main">
+				<div id="leftcontent" class="hell" role="application">
+					<form method="POST" action="${action}">
+						<div id="bku_header" class="dunkel">
+							<h2 id="tabheader" class="dunkel" role="heading">STORK Informationsfreigabe</h2>
+						</div>
+						<div id="bkulogin" class="hell" role="form">
+							Alle angehakten Daten werden an das fragende Drittland &uuml;bermittelt.
+	  						<table>
+	  							${tablecontent}
+							</table>
+						</div>
+						<div id="controls" class="hell">
+							<input type="submit" value="weiter" />
+						</div>
+					</form>
+				</div>
+			</div>
+		</div>
+		<div id="validation">
+			<a href="http://validator.w3.org/check?uri="> <img
+				style="border: 0; width: 88px; height: 31px"
+				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
+			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
+				style="border: 0; width: 88px; height: 31px"
+				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				alt="CSS ist valide!" />
+			</a>
+		</div>
+	</div>
+</body>
+</html
\ No newline at end of file
-- 
cgit v1.2.3


From 3075521544ff79c5fa0d740c6b388bfeab58b8c5 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Wed, 12 Mar 2014 09:57:37 +0100
Subject: storing datacontainer in temporary storage before redirecting

---
 .../auth/src/main/webapp/WEB-INF/urlrewrite.xml    |  4 ++++
 .../moa/id/protocols/stork2/ConsentEvaluator.java  | 25 ++++++++++++++++++++++
 .../moa/id/protocols/stork2/STORKProtocol.java     |  4 ++--
 3 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index d6df363c5..461ff7efc 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -60,6 +60,10 @@
         <from>^/stork2/ResumeAuthentication$</from>
         <to type="forward">/dispatcher?mod=id_stork2&amp;action=AttributeCollector&amp;%{query-string}</to>
     </rule>
+    <rule match-type="regex">
+        <from>^/stork2/CompleteAuthentication$</from>
+        <to type="forward">/dispatcher?mod=id_stork2&amp;action=ConsentEvaluator&amp;%{query-string}</to>
+    </rule>
     <rule match-type="regex">
         <from>^/stork2/SendPEPSAuthnRequest$</from>
         <to type="forward">/dispatcher?mod=id_stork2&amp;action=AuthenticationRequest&amp;%{query-string}</to>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 9745d81c5..8b7bcf0c6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -1,21 +1,27 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
 
 import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.HashMap;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.storage.AssertionStorage;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
 import eu.stork.peps.auth.engine.STORKSAMLEngine;
 import eu.stork.peps.exceptions.STORKSAMLEngineException;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -63,6 +69,25 @@ public class ConsentEvaluator implements IAction {
 	 */
 	public String requestConsent(DataContainer container, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException {
 		// prepare redirect
+		String newArtifactId;
+		try {
+
+			// memorize the container again
+			Logger.debug("prepare putting the container into temporary storage...");
+
+			// - generate new key
+			newArtifactId = new SecureRandomIdentifierGenerator().generateIdentifier();
+
+			// - put container in temporary store.
+			AssertionStorage.getInstance().put(newArtifactId, container);
+
+			Logger.debug("...successful");
+
+		} catch (Exception e1) {
+			// TODO should we return the response as is to the PEPS?
+			Logger.error("Error putting incomplete Stork response into temporary storage", e1);
+			throw new MOAIDException("stork.17", null);
+		}
 
 		// ask for consent
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index b1c923b9f..19d1c7f15 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -33,7 +33,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
     static {
         actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
         actions.put(ATTRIBUTE_COLLECTOR, new AttributeCollector());
-        actions.put(CONSENT_EVALUATOR, new ConsentEvaluatorSepp());
+        actions.put(CONSENT_EVALUATOR, new ConsentEvaluator());
     }
 
     public String getName() {
@@ -65,7 +65,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
 
         MOASTORKRequest STORK2Request = new MOASTORKRequest();
 
-		if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluatorSepp.class.getSimpleName().equals(action))
+		if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action))
 			return STORK2Request;
 
         //extract STORK Response from HTTP Request
-- 
cgit v1.2.3


From eb993b9da5938138373a3ad4a619bf2e290c6cfc Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Wed, 12 Mar 2014 09:58:22 +0100
Subject: render consent html page

---
 .../moa/id/protocols/stork2/ConsentEvaluator.java  | 23 ++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 8b7bcf0c6..5b5c00b2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -90,6 +90,29 @@ public class ConsentEvaluator implements IAction {
 		}
 
 		// ask for consent
+		try {
+			VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+			Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html");
+			VelocityContext context = new VelocityContext();
+
+			context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/CompleteAuthentication?" + ARTIFACT_ID + "=" + newArtifactId);
+
+			// assemble table
+			String table = "";
+			for (PersonalAttribute current : container.getResponse().getPersonalAttributeList())
+				if ("Available".equals(current.getStatus()))
+					table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + "</td></tr>\n";
+
+			context.put("tablecontent", table);
+
+			StringWriter writer = new StringWriter();
+			template.merge(context, writer);
+			response.getOutputStream().write(writer.getBuffer().toString().getBytes());
+
+		} catch (Exception e) {
+			Logger.error("Velocity error: " + e.getMessage());
+			throw new MOAIDException("stork.17", null);
+		}
 
 		return "12345"; // AssertionId
 	}
-- 
cgit v1.2.3


From 4ade7db6124eec07aebf087721d3d478f92bdaad Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Wed, 12 Mar 2014 09:59:19 +0100
Subject: added consent-checkbox to config ui

---
 .../moa/id/configuration/data/oa/OASTORKConfig.java         | 10 ++++++++++
 .../moa/id/configuration/struts/action/EditOAAction.java    |  1 +
 .../src/main/resources/applicationResources.properties      |  1 +
 id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp      |  6 ++++++
 .../gv/egovernment/moa/id/config/auth/OAAuthParameter.java  |  5 ++++-
 .../moa/id/protocols/stork2/AttributeCollector.java         |  7 ++++++-
 .../src/main/resources/config/moaid_config_2.0.xsd          | 13 +++++++++----
 7 files changed, 37 insertions(+), 6 deletions(-)

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
index 929a3673c..d9f2a4d85 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
@@ -84,6 +84,7 @@ public class OASTORKConfig {
 				
 				// fetch vidp config
 				setVidpEnabled(config.isVidpEnabled());
+				setRequireConsent(config.isRequireConsent());
 
 				attributeProviderPlugins = config.getAttributeProviders();
 				// - if no attribute providers are configured, add a dummy
@@ -150,6 +151,7 @@ public class OASTORKConfig {
 	 */
 	private boolean vidpEnabled = false;
 	private List<AttributeProviderPlugin> attributeProviderPlugins = new ArrayList<AttributeProviderPlugin>();
+	private boolean requireConsent;
 
 	public List<String> getAvailableAttributeProviderPlugins() {
 		return AttributeProviderFactory.getAvailablePlugins();
@@ -170,4 +172,12 @@ public class OASTORKConfig {
 	public void setVidpEnabled(boolean update) {
 		vidpEnabled = update;
 	}
+	
+	public boolean isRequireConsent() {
+		return requireConsent;
+	}
+	
+	public void setRequireConsent(boolean update) {
+		requireConsent = update;
+	}
 }
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index 370923ca1..f8a12e58b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -1036,6 +1036,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware,
         stork.setQaa(storkOA.getQaa());
         stork.setOAAttributes(storkOA.getAttributes());
         stork.setVidpEnabled(storkOA.isVidpEnabled());
+        stork.setRequireConsent(storkOA.isRequireConsent());
         stork.setAttributeProviders(storkOA.getAttributeProviderPlugins());
 
         try {
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties
index ef52892b3..18d19c06b 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties
@@ -278,6 +278,7 @@ webpages.oaconfig.oauth20.clientSecret=Client Passwort
 webpages.oaconfig.oauth20.redirectUri=Redirect Uri 
 
 webpages.oaconfig.vidp.enabled=VIDP interface aktiv
+webpages.oaconfig.vidp.requireconsent=Zustimmung f\u00FCr das Ausliefern der Attribute vom Benutzer einholen?
 webpages.oaconfig.vidp.ap.new=Neuen Attribut Provider erstellen
 webpages.oaconfig.vidp.ap.remove=Entfernen
 webpages.oaconfig.vidp.ap.list=Liste der konfigurierten Attribut Provider
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
index 78ad500ef..6749b5131 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
@@ -537,6 +537,12 @@
 								key="webpages.oaconfig.vidp.enabled"
 								cssClass="checkbox"
 								id="OAuseVidp" /></p>
+							<p><s:checkbox name="storkOA.requireConsent" 
+								value="%{storkOA.requireConsent}"
+								labelposition="left"
+								key="webpages.oaconfig.vidp.requireconsent"
+								cssClass="checkbox"
+								id="OArequireConsent" /></p>
 							<h5><%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.list", request) %></h5>
 							<table id="stork_aplist">
 								<tr><th>AP Plugin</th><th>URL</th><th>Attribute (CSV)</th></tr>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index d1de20c4d..31ba64be0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -67,7 +67,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
 import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
 import at.gv.egovernment.moa.id.config.ConfigurationUtils;
 import at.gv.egovernment.moa.id.config.OAParameter;
-import at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider;
 import at.gv.egovernment.moa.id.util.FormBuildUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -350,6 +349,10 @@ public List<OAStorkAttribute> getRequestedAttributes() {
 	return oa_auth.getOASTORK().getOAAttributes();
 }
 
+public boolean isRequireConsentForStorkAttributes() {
+	return oa_auth.getOASTORK().isRequireConsent();
+}
+
 public List<AttributeProviderPlugin> getStorkAPs() {
 	return oa_auth.getOASTORK().getAttributeProviders();
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 5d972ba00..7dbbb5734 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -148,7 +148,12 @@ public class AttributeCollector implements IAction {
 					// else, update any existing attributes
 					addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes);
             }
-            	new ConsentEvaluatorSepp().requestConsent(container, response, oaParam);
+            
+            // ask for consent if necessary
+            if(oaParam.isRequireConsentForStorkAttributes())
+            	new ConsentEvaluator().requestConsent(container, response, oaParam);
+            else
+            	new ConsentEvaluator().generateSTORKResponse(response, container);
 
             return "12345"; // AssertionId
 
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
index b7e8f6ff3..936363169 100644
--- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
+++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
@@ -883,11 +883,16 @@
 	<xsd:element name="OA_STORK">
 		<xsd:complexType>
 			<xsd:sequence>
-				<xsd:element name="StorkLogonEnabled" type="xsd:boolean"/>
-				<xsd:element ref="Qaa" minOccurs="0" maxOccurs="1"/>
-				<xsd:element ref="OAAttributes" minOccurs="0" maxOccurs="unbounded"/>
+				<xsd:element name="StorkLogonEnabled"
+					type="xsd:boolean" />
+				<xsd:element ref="Qaa" minOccurs="0" maxOccurs="1" />
+				<xsd:element ref="OAAttributes" minOccurs="0"
+					maxOccurs="unbounded" />
 				<xsd:element name="VidpEnabled" type="xsd:boolean"></xsd:element>
-				<xsd:element ref="AttributeProviders" maxOccurs="unbounded" minOccurs="0"></xsd:element>
+				<xsd:element ref="AttributeProviders"
+					maxOccurs="unbounded" minOccurs="0">
+				</xsd:element>
+				<xsd:element name="requireConsent" type="xsd:boolean"></xsd:element>
 			</xsd:sequence>
 		</xsd:complexType>
 	</xsd:element>
-- 
cgit v1.2.3


From 8ad16443ec20f49e8f14b1dc79c72a8dff674a64 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Wed, 12 Mar 2014 09:59:46 +0100
Subject: evaluate consent page result

---
 .../gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 5b5c00b2a..79404d4f0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -50,7 +50,14 @@ public class ConsentEvaluator implements IAction {
 			throw new MOAIDException("stork.17", null);
 		}
 
-		// TODO evaluate response
+		// evaluate response
+		for(PersonalAttribute current : container.getResponse().getPersonalAttributeList()) {
+			if(null == httpReq.getParameter(current.getName())) {
+				current.setStatus("notAvailable");
+				current.setValue(new ArrayList<String>());
+				current.setComplexValue(new HashMap<String, String>());
+			}
+		}
 
         // build and send response
         generateSTORKResponse(httpResp, container);
-- 
cgit v1.2.3