From 2e59ebb5e82cac6fa4defc0ca4d201e59891d84f Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 17 Jan 2014 16:57:02 +0100 Subject: adding stork2 support to urlrewrite --- id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'id/server/auth/src') diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index d33cae207..cc9cc8236 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -52,7 +52,19 @@ /dispatcher?mod=id_pvp2x&action=Soap - + + ^/stork2/StartAuthentication$ + /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + + + ^/stork2/SendPEPSAuthnRequest$ + /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + + + + + + The outbound-rule specifies that when response.encodeURL is called (if you are using JSTL c:url) -- cgit v1.2.3 From 6e4f150c26b55cb2a0771e4d6c9b65cbc760c0f2 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 14 Feb 2014 16:11:09 +0100 Subject: logging --- id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml | 6 +++++- .../egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 7 +++++-- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'id/server/auth/src') diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index f8fdcaffc..b63d413d0 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -60,9 +60,13 @@ ^/stork2/SendPEPSAuthnRequest$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + + ^/moa-id-auth/SendPEPSAuthnRequest$ + /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + - + ^/oauth2/auth\\?(.*)$ /dispatcher?mod=id_oauth20&action=AUTH&%{query-string} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 1971fe12d..1fa88e0a2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -156,11 +156,14 @@ public class AuthenticationRequest implements IAction { context.put("SAMLResponse", IOUtils.toString(authnResponse.getTokenSaml())); Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.decode(context.get("SAMLResponse").toString())); - Logger.info("Putting assertion consumer url as action: " + ((STORKAuthnRequestDEL)req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + Logger.debug("Putting assertion consumer url as action: " + ((STORKAuthnRequestDEL)req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); context.put("action", ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + Logger.debug("Starting template merge"); StringWriter writer = new StringWriter(); + Logger.debug("Doing template merge"); template.merge(context, writer); - + Logger.debug("Template merge done"); + Logger.debug("Sending html content: " + writer.toString().getBytes()); httpResp.getOutputStream().write(writer.toString().getBytes()); } catch (Exception e) { -- cgit v1.2.3 From 3f388c8862a4543d8c7f791e5ff47090d533aa0c Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Feb 2014 14:55:17 +0100 Subject: added attribute collector action to protocol and urlrewrite --- id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml | 4 ++++ .../java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java | 1 + 2 files changed, 5 insertions(+) (limited to 'id/server/auth/src') 
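Review bot: The new `Logger.debug("Sending html content: " + writer.toString().getBytes())` concatenates a byte[] into the message, so it logs an array identity such as `[B@1f2e3d` instead of any content; the `Base64.decode(...)` concatenation on the context line above has the same problem. If the intent is to trace the response, log `writer.toString().length()` rather than the body, because the rendered page carries the SAML response and a full dump would copy that token into the log. Both `getBytes()` calls also rely on the platform default charset; `getBytes(StandardCharsets.UTF_8)` keeps the output stable across JVMs. The enclosing method continues outside the hunk.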
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index f8fdcaffc..563ee04dd 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -56,6 +56,10 @@ ^/stork2/StartAuthentication$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + + ^/stork2/ResumeAuthentication$ + /dispatcher?mod=id_stork2&action=AttributeCollector&%{query-string} + ^/stork2/SendPEPSAuthnRequest$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 323d9ba8e..318a8fc9c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -43,6 +43,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { static { actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); + actions.put(ATTRIBUTE_COLLECTOR, new AttributeCollector()); instance = new STORKProtocol(); } -- cgit v1.2.3 From 8dbc7af299d5e7a1dd4d1085d2840ff00f403bbb Mon Sep 17 00:00:00 2001 
From: Bojan Suzic Date: Mon, 3 Mar 2014 20:28:57 +0100 Subject: attribut test --- .../auth/src/main/webapp/WEB-INF/urlrewrite.xml | 4 + .../moa/id/entrypoints/DispatcherServlet.java | 2 +- .../id/protocols/stork2/AttributeCollector.java | 12 ++- .../moa/id/protocols/stork2/AttributeProvider.java | 1 + .../protocols/stork2/AttributeProviderFactory.java | 98 +++++++++++----------- .../id/protocols/stork2/MISAttributeProvider.java | 22 ++++- .../moa/id/protocols/stork2/MOASTORKRequest.java | 2 +- .../protocols/stork2/MandateRetrievalRequest.java | 28 +++++++ .../moa/id/protocols/stork2/STORKProtocol.java | 8 +- 9 files changed, 120 insertions(+), 57 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java (limited to 'id/server/auth/src') diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index 59d6d6cce..d6df363c5 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -68,6 +68,10 @@ ^/moa-id-auth/SendPEPSAuthnRequest$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + + ^/moa-id-auth/RetrieveMandate$ + /dispatcher?mod=id_stork2&action=MandateRetrievalRequest&%{query-string} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 3af8bcfe5..647c8bb39 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java 
@@ -491,7 +491,7 @@ public class DispatcherServlet extends AuthServlet{ } } catch (Throwable e) { - Logger.info("An authentication error occous: " + e.getMessage());; + Logger.info("An authentication error occured: " + e.getMessage());; // Try handle module specific, if not possible rethrow if (!info.generateErrorMessage(e, req, resp, protocolRequest)) { throw e; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 57c68e94c..030d7c497 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java 
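Review bot: The corrected message still misspells the word and keeps the stray empty statement; it should read `Logger.info("An authentication error occurred: " + e.getMessage());`. Because the branch catches `Throwable` and logs only `e.getMessage()` at info level, a throwable without a message leaves nothing diagnosable when `info.generateErrorMessage(...)` handles it without rethrowing; passing `e` as the throwable argument, as the `Logger.error(String, Throwable)` overload used in AttributeCollector allows, would preserve the stack trace. The enclosing method starts before this hunk.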
@@ -124,15 +124,18 @@ public class AttributeCollector implements IAction { try { // for each attribute still missing for (PersonalAttribute currentAttribute : missingAttributes) { + Logger.error("Checking missing attribute: " + currentAttribute.getName()); // - check if we can find a suitable AttributeProvider Plugin for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { try { // - hand over control to the suitable plugin + Logger.error("Going to acquire missing attribute: " + currentAttribute.getName() + " at provider: " + currentProvider.getClass().getName()); IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); // - add the aquired attribute to the container - for (PersonalAttribute current : aquiredAttributes) - container.getResponse().getPersonalAttributeList().add(current); + + try { for (PersonalAttribute current : aquiredAttributes) + container.getResponse().getPersonalAttributeList().add(current); } catch (NullPointerException ex) { Logger.error ("Nothing found");} } catch (UnsupportedAttributeException e) { // ok, try the next attributeprovider } catch (MOAIDException e) { @@ -154,6 +157,7 @@ public class AttributeCollector implements IAction { } catch (ExternalAttributeRequestRequiredException e) { // the attribute request is ongoing and requires an external service. + Logger.error("EXTERNAL EXCEPTION CAUGHT"); try { // memorize the container again // - generate new key 
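Review bot: The new `try { for (PersonalAttribute current : aquiredAttributes) ... } catch (NullPointerException ex) { Logger.error ("Nothing found");}` uses an NPE as a null check and will also hide an NPE thrown from inside `getPersonalAttributeList().add(...)`; wrap the loop in an explicit `if (aquiredAttributes != null)` guard with a `Logger.debug` in the else branch instead. The trace messages added here and `Logger.error("EXTERNAL EXCEPTION CAUGHT")` in the following hunk (@@ -154) log normal control flow at error level, which floods the error log on every attribute lookup; `Logger.debug` is the level the surrounding code uses for such traces. The enclosing method starts before this hunk and continues past the next one.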
@@ -163,19 +167,19 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL + Logger.info("Performing redirect to gather attributes to: " + AuthConfigurationProvider.getInstance().getPublicURLPrefix()); e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); + e1.printStackTrace(); throw new MOAIDException("stork.11", null); } return "12345"; // TODO what to do here? } - - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index 59376fef6..2ecae1288 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -52,4 +52,5 @@ public interface AttributeProvider { */ public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException; + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index 23edf69f9..953758dc3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java 
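Review bot: In the catch block the log call still passes the outer `e` while the caught exception is `e1`, and the added `e1.printStackTrace()` writes to stderr to compensate; the fix is `Logger.error("Error putting incomplete Stork response into temporary storage", e1);` with the `printStackTrace()` call removed. The new info-level log deliberately prints only the public URL prefix and not the `ARTIFACT_ID` appended to the redirect; keep it that way, since that id is the lookup key for the stored container. The `return "12345"; // TODO what to do here?` placeholder remains on the new side and should be tracked before this ships. The enclosing method starts before this hunk.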
@@ -1,59 +1,61 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; + import java.util.ArrayList; import java.util.List; -import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; - /** * A factory for creating AttributeProvider objects. */ public class AttributeProviderFactory { - /** - * Gets the available plugins. - * - * @return the available plugins - */ - public static List getAvailablePlugins() { - List result = new ArrayList(); - result.add("StorkAttributeRequestProvider"); - result.add("EHvdAttributeProvider"); - - return result; - } - - /** - * Creates an AttributeProvider object for the given shortname. Returns - * {@code null} if there is no such provider available. - * - * @param shortname - * the simpleName for the providers class - * @return the attribute provider - */ - public static AttributeProvider create(String shortname, String url) { - if (shortname.equals("StorkAttributeRequestProvider")) { - return new StorkAttributeRequestProvider(url); - } else if(shortname.equals("EHvdAttributeProvider")) { - return new EHvdAttributeProviderPlugin(url); - } else { - return null; - } - } - - /** - * Gets fresh instances of the configured plugins. - * - * @param configuredAPs the configured a ps - * @return the configured plugins - */ - public static List getConfiguredPlugins( - List configuredAPs) { - - List result = new ArrayList(); - for(AttributeProviderPlugin current : configuredAPs) - result.add(create(current.getName(), current.getUrl())); - - return result; - } + /** + * Gets the available plugins. + * + * @return the available plugins + */ + public static List getAvailablePlugins() { + List result = new ArrayList(); + result.add("StorkAttributeRequestProvider"); + result.add("EHvdAttributeProvider"); + result.add("MISAttributeProvider"); + + return result; + } + + /** + * Creates an AttributeProvider object for the given shortname. 
Returns + * {@code null} if there is no such provider available. + * + * @param shortname the simpleName for the providers class + * @return the attribute provider + */ + public static AttributeProvider create(String shortname, String url) { + if (shortname.equals("StorkAttributeRequestProvider")) { + return new StorkAttributeRequestProvider(url); + } else if (shortname.equals("EHvdAttributeProvider")) { + return new EHvdAttributeProviderPlugin(url); + } else if (shortname.equals("MISAttributeProvider")) { + return new MISAttributeProvider(url); + } else { + return null; + } + } + + /** + * Gets fresh instances of the configured plugins. + * + * @param configuredAPs the configured a ps + * @return the configured plugins + */ + public static List getConfiguredPlugins( + List configuredAPs) { + + List result = new ArrayList(); + for (AttributeProviderPlugin current : configuredAPs) + result.add(create(current.getName(), current.getUrl())); + + return result; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java index 7665bb239..8cdbfd37c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; 
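Review bot: The only functional change in this hunk is registering `MISAttributeProvider` in `getAvailablePlugins()` and `create(...)`, but the whole file is re-indented, so the two real lines are buried in a 59-line rewrite; keep whitespace-only changes in a separate commit. `create` still returns `null` for an unknown short name and `getConfiguredPlugins` adds that `null` to the result unchecked, so a misspelled plugin name in the configuration surfaces as a `NullPointerException` at the first `currentProvider.acquire(...)` in AttributeCollector instead of as a configuration error; either skip the entry with a logged error or fail fast, e.g. `if (provider == null) throw new IllegalArgumentException("unknown attribute provider: " + current.getName());`. The lists are also raw types; `List<String>` and `List<AttributeProvider>` would let the compiler check the element types.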
@@ -13,15 +14,34 @@ import javax.servlet.http.HttpServletResponse; * Implements Attribute Provider for Mandates */ public class MISAttributeProvider implements AttributeProvider { + + String url = null; + + public MISAttributeProvider(String url) { + this.url = url; + } + public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + Logger.error("Entering MIS for attribute: " + attributes.getName()); + + if (attributes.getName().equals("residencePermit")) { + Logger.error("MIS EXCEPTION: " + attributes.getName()); + throw new ExternalAttributeRequestRequiredException(this); + } + return null; // } public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { - // + Logger.error("Entering MIS redirect for attribute: " ); + } public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { return null; // } + + public String getName() { + return "MandateProvider"; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index 47a86174f..39a6907c1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -52,7 +52,7 @@ public class MOASTORKRequest implements IRequest { return this.storkAttrQueryRequest; } - public String getOAURL() { + public String getOAURL() { // TODO CHECK IT if (isAuthnRequest) return storkAuthnRequest.getAssertionConsumerServiceURL(); else if (isAttrRequest) 
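Review bot: `acquire` now throws `ExternalAttributeRequestRequiredException(this)` for `residencePermit`, but the `performRedirect` on this provider only logs and sends nothing, so as far as this hunk shows the request ends without a response or an error; until the redirect is implemented, throwing `UnsupportedAttributeException` from `acquire` keeps the flow on the other providers. `String url = null;` is a package-private mutable field that the `performRedirect` parameter of the same name shadows; make it `private final String url;` and rename the parameter. `getName()` returns `"MandateProvider"` while the factory in this commit registers the class under `"MISAttributeProvider"`, and the trace messages are logged at error level where `Logger.debug` is meant.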
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java new file mode 100644 index 000000000..bad711dbb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import com.sun.xml.ws.security.trust.WSTrustConstants; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Processes mandate data after authentication is done in AT + * @author bsuzic + */ +public class MandateRetrievalRequest implements IAction { + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + return null; // + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + return true; + } + + public String getDefaultActionName() { + return STORKProtocol.MANDATERETRIEVALREQUEST; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index e68b66510..3762a5101 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java 
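Review bot: `import com.sun.xml.ws.security.trust.WSTrustConstants;` is not referenced anywhere in the new file and ties the class to a JAX-WS implementation package; remove it. `processRequest` returns `null` with only a bare `//` marker; if this is a stub, say so in its Javadoc, e.g. `/** Not implemented yet: returns {@code null} until mandate processing is added. */`, so readers of the `STORKProtocol` action map know the missing response is by design. The class Javadoc could also state why `needAuthentication` returns `true`, namely that mandate data is retrieved only after the Austrian authentication has completed, as the summary line implies.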
@@ -31,6 +31,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; public static final String ATTRIBUTE_COLLECTOR = "AttributeCollector"; + public static final String MANDATERETRIEVALREQUEST = "MandateRetrievalRequest"; private static HashMap actions = new HashMap(); @@ -102,16 +103,19 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { authnRequest = authnEngine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } catch (ClassCastException e) { + Logger.error("Could not extract authenticaiton request"); } - // check if a valid attr request is container + // check if a valid attr request is containerd try { attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } catch (ClassCastException e) { + Logger.error("Could not extract attribute request"); } - // if there is no authn or attr request, raise error if ((authnRequest == null) && (attrRequest == null)) { Logger.error("There is no authentication or attribute request contained."); -- cgit v1.2.3 From 3075521544ff79c5fa0d740c6b388bfeab58b8c5 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 12 Mar 2014 09:57:37 +0100 Subject: storing datacontainer in temporary storage before redirecting --- .../auth/src/main/webapp/WEB-INF/urlrewrite.xml | 4 ++++ .../moa/id/protocols/stork2/ConsentEvaluator.java | 25 ++++++++++++++++++++++ .../moa/id/protocols/stork2/STORKProtocol.java | 4 ++-- 3 files changed, 31 insertions(+), 2 deletions(-) (limited to 'id/server/auth/src') diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index d6df363c5..461ff7efc 100644 
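Review bot: The two new `catch (ClassCastException e)` blocks in the second hunk (@@ -102) turn a type probe into exception-driven control flow: for every attribute query the authn branch is expected to fail, yet it is logged with `Logger.error("Could not extract authenticaiton request")` (note the typo), and a ClassCastException from any other cause inside the engine is swallowed the same way. If the engine offers no type check before validation, log these at debug level and fix the spelling: `Logger.debug("Token is not an authentication request");`. The edited comment now reads `// check if a valid attr request is containerd`, presumably meant as `contained`.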
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -60,6 +60,10 @@ ^/stork2/ResumeAuthentication$ /dispatcher?mod=id_stork2&action=AttributeCollector&%{query-string} + + ^/stork2/CompleteAuthentication$ + /dispatcher?mod=id_stork2&action=ConsentEvaluator&%{query-string} + ^/stork2/SendPEPSAuthnRequest$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 9745d81c5..8b7bcf0c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java 
@@ -1,21 +1,27 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.io.StringWriter; +import java.util.ArrayList; +import java.util.HashMap; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
@@ -63,6 +69,25 @@ public class ConsentEvaluator implements IAction { */ public String requestConsent(DataContainer container, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException { // prepare redirect + String newArtifactId; + try { + + // memorize the container again + Logger.debug("prepare putting the container into temporary storage..."); + + // - generate new key + newArtifactId = new SecureRandomIdentifierGenerator().generateIdentifier(); + + // - put container in temporary store. + AssertionStorage.getInstance().put(newArtifactId, container); + + Logger.debug("...successful"); + + } catch (Exception e1) { + // TODO should we return the response as is to the PEPS? + Logger.error("Error putting incomplete Stork response into temporary storage", e1); + throw new MOAIDException("stork.17", null); + } // ask for consent diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index b1c923b9f..19d1c7f15 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -33,7 +33,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { static { actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); actions.put(ATTRIBUTE_COLLECTOR, new AttributeCollector()); - actions.put(CONSENT_EVALUATOR, new ConsentEvaluatorSepp()); + actions.put(CONSENT_EVALUATOR, new ConsentEvaluator()); } public String getName() { 
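Review bot: `newArtifactId` is generated and used as the key in `AssertionStorage.getInstance().put(newArtifactId, container)`, but nothing in this hunk passes it on and the method continues outside the hunk; confirm the id is embedded in the consent page or redirect that follows, otherwise the stored container can never be retrieved. `catch (Exception e1)` followed by `throw new MOAIDException("stork.17", null)` drops the original failure; if `MOAIDException` accepts a cause, pass `e1` through. The import hunk above adds `ArrayList`, `HashMap`, `PersonalAttribute` and `AuthConfigurationProvider`, none of which is referenced in the code added here — verify they are used elsewhere in the file or drop them.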
@@ -65,7 +65,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { MOASTORKRequest STORK2Request = new MOASTORKRequest(); - if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluatorSepp.class.getSimpleName().equals(action)) + if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action)) return STORK2Request; //extract STORK Response from HTTP Request -- cgit v1.2.3 From 7f896d543b412062935db895c9a951d64d638b5d Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 18 Mar 2014 16:02:05 +0100 Subject: correcting mandate request --- .../auth/src/main/webapp/WEB-INF/urlrewrite.xml | 4 +- .../id/protocols/stork2/AttributeCollector.java | 2 +- .../protocols/stork2/AttributeProviderFactory.java | 7 +- .../id/protocols/stork2/AuthenticationRequest.java | 8 +- .../stork2/MandateAttributeRequestProvider.java | 109 +++++++++++++++++---- 5 files changed, 105 insertions(+), 25 deletions(-) (limited to 'id/server/auth/src') diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index 461ff7efc..5ed7739ec 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -69,11 +69,11 @@ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} - ^/moa-id-auth/SendPEPSAuthnRequest$ + ^/stork2/SendPEPSAuthnRequest$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} - ^/moa-id-auth/RetrieveMandate$ + ^/stork2/RetrieveMandate$ /dispatcher?mod=id_stork2&action=MandateRetrievalRequest&%{query-string} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 1dfccb6c0..e0f14c41d 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -194,7 +194,7 @@ public class AttributeCollector implements IAction { * @throws MOAIDException */ private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) throws MOAIDException { - Logger.info("Updating " + source.size() + " attributes..."); + Logger.info("Updating " + source.size() + " attribute(s)..."); for (PersonalAttribute current : source) { Logger.debug("treating " + current.getName()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index a8a9d9677..7fb7a7bc6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -41,7 +41,12 @@ public class AttributeProviderFactory { } else if (shortname.equals("SignedDocAttributeRequestProvider")) { return new SignedDocAttributeRequestProvider(url, attributes); } else if (shortname.equals("MandateAttributeRequestProvider")) { - return new MandateAttributeRequestProvider(url, attributes); + try { + return new MandateAttributeRequestProvider(url, attributes); + } catch (Exception ex) { + ex.printStackTrace(); + return null; + } } else { return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 442fa8a5b..88c0e889d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java 
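Review bot: The new `catch (Exception ex) { ex.printStackTrace(); return null; }` turns the `MOAIDException` that the `MandateAttributeRequestProvider` constructor now declares into a `null` list entry, which `getConfiguredPlugins` returns unchecked and which fails later as a `NullPointerException` at the first `acquire` call rather than at configuration time. Catch `MOAIDException` only, log it through the project's `Logger` instead of `printStackTrace()`, and either propagate it or have `getConfiguredPlugins` skip `null` results. The enclosing `create` method starts before this hunk.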
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -66,12 +66,8 @@ public class AuthenticationRequest implements IAction { Logger.debug("Starting AuthenticationRequest"); moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse()); - // Get personal attributtes from MOA/IdentityLink - moaStorkResponse.setPersonalAttributeList(populateAttributes()); - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); - STORKAuthnResponse authnResponse = new STORKAuthnResponse(); Logger.debug("Starting generation of SAML response"); try { @@ -80,6 +76,10 @@ public class AuthenticationRequest implements IAction { // TODO } + // Get personal attributtes from MOA/IdentityLink + moaStorkResponse.setPersonalAttributeList(populateAttributes()); + + } //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java index 123999166..d3eded934 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java 
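Review bot: In the second hunk (@@ -80) the re-added `moaStorkResponse.setPersonalAttributeList(populateAttributes());` is followed by a lone added `}` with no matching opening brace visible in either hunk, so either it closes the `try` whose catch is marked `// TODO` or the file no longer compiles; the enclosing method continues outside both hunks, so please confirm the resulting nesting. Moving the call after the SAML-response generation also means `populateAttributes()` now runs even when the try block above failed and was swallowed by that `// TODO` catch; if the attributes belong to the response, the empty catch should at least log and return. The comment still says `attributtes`; `// Get personal attributes from MOA/IdentityLink`.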
@@ -1,52 +1,127 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; +import at.gv.egovernment.moa.util.StringUtils; +import eu.stork.peps.auth.commons.*; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.io.StringWriter; /** - * Provides mandate attribute from MIS - * + * Provides mandate attribute from MIS */ public class MandateAttributeRequestProvider implements AttributeProvider { - /** The destination. */ - private Object destination; + /** + * The destination. + */ + private String destination; - /** The attributes. */ + /** + * The attributes. 
+ */ private String attributes; - public MandateAttributeRequestProvider(String url, String supportedAttributes) { + private String spCountryCode; + + private PersonalAttributeList requestedAttributes; + + public MandateAttributeRequestProvider(String aPurl, String supportedAttributes) throws MOAIDException { Logger.setHierarchy("moa.id.protocols.stork2"); - destination = url; + destination = aPurl; attributes = supportedAttributes; } - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { - Logger.info("Acquiring attribute: " + this.getClass().getName()); + public String getAttrProviderName() { + return "MandateAttributeRequestProvider"; + } + + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName()); + this.spCountryCode = spCountryCode; + requestedAttributes = new PersonalAttributeList(1); + requestedAttributes.add(attribute); + // break if we cannot handle the requested attribute - if(!attributes.contains(attribute.getName())) + if (!attributes.contains(attribute.getName())) { + Logger.info("Attribute " + attribute.getName() + " not supported by the provider: " + getAttrProviderName()); throw new UnsupportedAttributeException(); + } PersonalAttributeList result = new PersonalAttributeList(); //return result; + Logger.info("Thrown external request by: " + getAttrProviderName()); throw new ExternalAttributeRequestRequiredException(this); } public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { - Logger.info("Redirecting: " + this.getClass().getName()); + 
Logger.setHierarchy("moa.id.protocols.stork2"); + + String spSector = "Business"; + String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); + String spApplication = spInstitution; + + //generate AuthnRquest + STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest(); + attributeRequest.setDestination(destination); + attributeRequest.setAssertionConsumerServiceURL(url); + attributeRequest.setIssuer(HTTPUtils.getBaseURL(req)); + attributeRequest.setQaa(oaParam.getQaaLevel()); + attributeRequest.setSpInstitution(spInstitution); + attributeRequest.setCountry(spCountryCode); + attributeRequest.setSpCountry(spCountryCode); + attributeRequest.setSpApplication(spApplication); + attributeRequest.setSpSector(spSector); + attributeRequest.setPersonalAttributeList(requestedAttributes); + + attributeRequest.setCitizenCountryCode("AT"); + + + Logger.info("STORK AttrRequest successfully assembled."); + + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP"); + try { + attributeRequest = samlEngine.generateSTORKAttrQueryRequest(attributeRequest); + } catch (STORKSAMLEngineException e) { + Logger.error("Could not sign STORK SAML AttrRequest.", e); + throw new MOAIDException("stork.00", null); + } + + Logger.info("STORK AttrRequest successfully signed!"); + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); + VelocityContext context = new VelocityContext(); + context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(attributeRequest.getTokenSaml())); + context.put("action", destination); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e) { + Logger.error("Error sending STORK SAML AttrRequest.", e); + throw new 
MOAIDException("stork.11", null); + } + Logger.info("STORK AttrRequest successfully rendered!"); } public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { - Logger.info("Parsing attribute: " + this.getClass().getName()); - return null; // } + } + -- cgit v1.2.3 From 658cb68c445d5b73815c43b66dd717483a425ea5 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 21 Mar 2014 11:23:03 +0100 Subject: service provider url --- id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'id/server/auth/src') diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index 5ed7739ec..6f451ec79 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -68,6 +68,10 @@ ^/stork2/SendPEPSAuthnRequest$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + + ^/stork2/ServiceProvider$ + /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + ^/stork2/SendPEPSAuthnRequest$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} -- cgit v1.2.3
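Review bot: `performRedirect` writes the rendered template with `writer.toString().getBytes()`, which uses the platform default charset and sets no response encoding, so the SAML POST form may be mis-encoded on hosts that do not default to UTF-8; use `resp.setCharacterEncoding("UTF-8");` and `resp.getOutputStream().write(writer.toString().getBytes(StandardCharsets.UTF_8));` (adding the `java.nio.charset.StandardCharsets` import). `spCountryCode` and `requestedAttributes` are now per-request state set in `acquire()` and read in `performRedirect()`, which is only safe if every request gets its own provider instance; a field comment such as `// request-scoped: set by acquire(), consumed by performRedirect(); instances must not be shared between requests` would record that contract. The constructor is declared `throws MOAIDException` although its body only assigns fields, which is what forces the try/catch added in AttributeProviderFactory; dropping the clause removes both. In `acquire()` the leftover `PersonalAttributeList result = new PersonalAttributeList(); //return result;` is dead code ahead of the unconditional throw and should go, and the hard-coded `setCitizenCountryCode("AT")` and `spSector = "Business"` deserve a comment saying why they are fixed values.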
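Review bot: The new `^/stork2/ServiceProvider$` rule forwards to the same `action=AuthenticationRequest` as `SendPEPSAuthnRequest`, so the dispatcher cannot tell which entry point a request came through; if a service-provider request is meant to be handled differently it needs its own action value, and if the two are intentionally aliases an XML comment saying so would spare the next reader the question, e.g. `<!-- ServiceProvider is an alias of SendPEPSAuthnRequest; both are handled by the AuthenticationRequest action -->`. The surrounding context also appears to contain the `^/stork2/SendPEPSAuthnRequest$` rule twice (before and after the insertion), which looks like an earlier duplicate worth removing in the same file.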