From 04a2d507dfcf59dac15e542e391797e57a820c82 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 29 Jan 2014 14:02:05 +0100 Subject: complete workflow untested --- .../moa/id/auth/AuthenticationServer.java | 7 ++-- .../auth/builder/StartAuthenticationBuilder.java | 7 ++-- .../moa/id/auth/data/AuthenticationSession.java | 23 ++++++++++++- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 40 +++++----------------- .../moa/id/auth/stork/STORKResponseProcessor.java | 37 +++++++++----------- .../moa/id/protocols/saml1/GetArtifactAction.java | 14 ++++++++ 6 files changed, 68 insertions(+), 60 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 3dc2639d5..f19881578 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1723,13 +1723,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { // data.setRepresentative(representative); // data.setRepresented(represented); // data.setMandateContent(mandateContent); - request.setPEPSData(data); - + if(null != PEPSIdentifier) + request.setPEPSData(data); + + // TODO add MIS data // request.setMIS(value) Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); + return response; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java index e4bf37417..3bc152ec8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java @@ -36,8 +36,7 @@ public class StartAuthenticationBuilder { Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc())); // STORK or normal authentication - //TODO: commented because npe was thrown - /*if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { + if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { //STORK authentication Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); Logger.debug("Starting STORK authentication"); @@ -45,13 +44,13 @@ public class StartAuthenticationBuilder { AuthenticationServer.startSTORKAuthentication(req, resp, moasession); return ""; - } else {*/ + } else { //normal MOA-ID authentication Logger.debug("Starting normal MOA-ID authentication"); String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req); return getIdentityLinkForm; - //} + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 4a7676ec8..3ab6701c8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -26,6 +26,7 @@ import java.util.Vector; import org.w3c.dom.Element; +import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.STORKAuthnRequest; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; @@ -254,7 +255,9 @@ public class AuthenticationSession implements Serializable { private VerifyXMLSignatureResponse XMLVerifySignatureResponse; private boolean isForeigner; - + + private IPersonalAttributeList storkAttributes; + // private String requestedProtocolURL = null; public String getModul() { @@ -962,6 +965,24 @@ public class AuthenticationSession implements Serializable { public void setAuthBlockTokken(String authBlockTokken) { this.authBlockTokken = authBlockTokken; } + + /** + * Memorizes the stork attribute list. + * + * @param personalAttributeList the new stork attributes + */ + public void setStorkAttributes(IPersonalAttributeList personalAttributeList) { + this.storkAttributes = personalAttributeList; + } + + /** + * Recalls the stork attribute list. + * + * @return the stork attributes + */ + public IPersonalAttributeList getStorkAttributes() { + return this.storkAttributes; + } /** // * @return the oAuth20SessionObject diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index f1ee4c181..f05180932 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -78,9 +78,6 @@ public class PEPSConnectorServlet extends AuthServlet { //No authentication session has been started before Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started"); throw new AuthenticationException("auth.02", new Object[] { moaSessionID }); - } else { - //We know user and MOA takes over session handling, invalidate HttpSession - httpSession.invalidate(); } pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); @@ -192,49 +189,28 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.info("Received Identity Link from SZR Gateway"); moaSession.setIdentityLink(identityLink); - Logger.debug("Adding addtional STORK attributes to MOA assertion"); - //add other stork attributes to MOA assertion - List moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(storkAssertion.getAttributeStatements().get(0).getAttributes()); - moaSession.setExtendedSAMLAttributesOA(moaExtendedSAMLAttibutes); + Logger.debug("Adding addtional STORK attributes to MOA session"); + moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList()); //We don't have BKUURL, setting from null to "Not applicable" moaSession.setBkuURL("Not applicable (STORK Authentication)"); - - Logger.debug("Starting to assemble MOA assertion"); - //produce MOA-Assertion and artifact - String samlArtifactBase64 = - AuthenticationServer.getInstance().getForeignAuthenticationData(moaSession); - Logger.info("MOA assertion assembled and SAML Artifact generated."); + + // free for single use + moaSession.setAuthenticatedUsed(false); + + // stork did the authentication step + moaSession.setAuthenticated(true); //session is implicit stored in changeSessionID!!!! String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); //redirect String redirectURL = null; - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - /*redirectURL = moaSession.getOAURLRequested(); - if (!moaSession.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(moaSession.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = response.encodeRedirectURL(redirectURL);*/ - redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID); redirectURL = response.encodeRedirectURL(redirectURL); - } else { - - redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID); - } - - try { - AuthenticationSessionStoreage.storeSession(moaSession); - } catch (MOADatabaseException e) { - throw new MOAIDException("Session store error", null); - } response.setContentType("text/html"); response.setStatus(302); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 9dede7179..664d0cf57 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -14,7 +14,6 @@ import javax.xml.namespace.QName; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.ws.transport.http.HTTPInTransport; import org.opensaml.ws.transport.http.HTTPOutTransport; @@ -35,7 +34,6 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -44,6 +42,7 @@ import at.gv.egovernment.moa.util.StringUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import eu.stork.mw.messages.saml.STORKResponse; import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.util.SAMLUtil; @@ -389,33 +388,29 @@ public class STORKResponseProcessor { /** * Transforms additional STORK attributes to MOA Extended attributes - * @param storkAttributeList STORK attribute list + * @param iPersonalAttributeList STORK attribute list * @return */ - public static List addAdditionalSTORKAttributes(List storkAttributeList) { + public static List addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) { List moaExtendedSAMLAttributeList = new Vector(); + if(null == iPersonalAttributeList) + return moaExtendedSAMLAttributeList; + Logger.trace("Adding the following attributes to MOA assertion: "); int count = 0; - //only add attributes different than eIdentifier, given name, surname, dateOfBirth, signedDoc - for (Attribute attribute : storkAttributeList) { - //attribute is not in default returned attribute set - if (!STORKConstants.DEFAULT_STORK_RETURNED_ATTRIBUTE_SET.contains(attribute.getName())) { - - String attributeValue = null; - if (!attribute.getAttributeValues().isEmpty()) { - //we have attribute value - attributeValue = SAMLUtil.getStringValueFromXMLObject(attribute.getAttributeValues().get(0)); - } - ExtendedSAMLAttribute extendedSAMLAttribute = - new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0); - moaExtendedSAMLAttributeList.add(extendedSAMLAttribute); - count++; - Logger.trace("Additional attribute: " + attribute.getName()); - } + + for (PersonalAttribute attribute : iPersonalAttributeList) { + Object attributeValue = attribute.getValue(); + if (null == attributeValue) + attributeValue = attribute.getComplexValue(); + ExtendedSAMLAttribute extendedSAMLAttribute = + new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0); + moaExtendedSAMLAttributeList.add(extendedSAMLAttribute); + count++; + Logger.trace("Additional attribute: " + attribute.getName()); } - Logger.debug("Added " + count + " STORK attribute(s) to the MOA assertion."); return moaExtendedSAMLAttributeList; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index fa9dbe990..bf353bce4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -1,12 +1,17 @@ package at.gv.egovernment.moa.id.protocols.saml1; +import java.util.List; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; +import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; @@ -48,6 +53,15 @@ public class GetArtifactAction implements IAction { oaParam, target); + // add other stork attributes to MOA assertion if available + if(null != session.getStorkAttributes()) { + List moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(session.getStorkAttributes()); + session.setExtendedSAMLAttributesOA(moaExtendedSAMLAttibutes); + //produce MOA-Assertion and artifact + AuthenticationServer.getInstance().getForeignAuthenticationData(session); + Logger.info("MOA assertion assembled and SAML Artifact generated."); + } + String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData); if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) { -- cgit v1.2.3