From 4df561f9f19966c92cd658efa0cd3942a0a091d4 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 5 May 2015 16:10:56 +0200
Subject: moved consent request before attributes are being collected

---
 .../id/protocols/stork2/AttributeCollector.java    | 12 ++-----
 .../id/protocols/stork2/AuthenticationRequest.java |  7 +++-
 .../moa/id/protocols/stork2/ConsentEvaluator.java  | 42 ++++++++++++++--------
 3 files changed, 37 insertions(+), 24 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 1e6cf6910..704f8b8a9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -26,12 +26,8 @@ import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
-import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
-import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -186,7 +182,8 @@ public class AttributeCollector implements IAction {
         List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
         for (PersonalAttribute current : requestAttributeList)
             if (!responseAttributeList.containsKey(current.getName()))
-                missingAttributes.add(current);
+                if(null == current.getStatus() || (null != current.getStatus() && !current.getStatus().equals(AttributeStatusType.WITHHELD.value())))
+                    missingAttributes.add(current);
 
         Logger.info("collecting attributes...");
 		Logger.debug("found " + missingAttributes.size() + " missing attributes");
@@ -253,10 +250,7 @@ public class AttributeCollector implements IAction {
             Logger.info("collecting attributes done");
             
             // ask for consent if necessary
-            if(oaParam.isRequireConsentForStorkAttributes())
-            	new ConsentEvaluator().requestConsent(container, response, oaParam);
-            else
-            	new ConsentEvaluator().generateSTORKResponse(response, container);
+            new ConsentEvaluator().generateSTORKResponse(response, container);
 
             return null; // AssertionId
                             // TODO
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 859f4900b..e0c4b3d16 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -163,7 +163,12 @@ public class AuthenticationRequest implements IAction {
 
             Logger.debug("Data container prepared");
 
-            return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
+            if(oaParam.isRequireConsentForStorkAttributes())
+                new ConsentEvaluator().requestConsent(container, httpReq, httpResp, authData, oaParam);
+            else
+                new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam);
+
+            return null;
         }
 //        // check if we are getting request for citizen of some other country
 //        else if (req instanceof MOASTORKRequest) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 2c5728798..51e731e8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -23,13 +23,17 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
 
 import java.io.StringWriter;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+
 import java.util.ArrayList;
 import java.util.HashMap;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import java.util.Map.Entry;
+
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
@@ -39,14 +43,13 @@ import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.stork.peps.auth.commons.PEPSUtil;
 import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
 import eu.stork.peps.auth.engine.STORKSAMLEngine;
 import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType;
 import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
-import org.joda.time.DateTime;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 
 import javax.servlet.http.HttpServletRequest;
@@ -72,23 +75,28 @@ public class ConsentEvaluator implements IAction {
 		DataContainer container;
 		try {
 			container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
+			req = container.getRequest();
 		} catch (MOADatabaseException e) {
 			Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
 			throw new MOAIDException("stork.17", null);
 		}
 
 		// evaluate response
-		for(PersonalAttribute current : container.getResponse().getPersonalAttributeList()) {
+		for(PersonalAttribute current : container.getRequest().getPersonalAttributeList()) {
 			if(null == httpReq.getParameter(current.getName())) {
-				current.setStatus(AttributeStatusType.NOT_AVAILABLE.value());
+				current.setStatus(AttributeStatusType.WITHHELD.value());
 				current.setValue(new ArrayList<String>());
 				current.setComplexValue(new HashMap<String, String>());
 			}
 		}
 
-        // build and send response
-        generateSTORKResponse(httpResp, container);
-        
+        //TODO: CHECK: req.getOAURL() should return the unique OA identifier
+		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());
+		if (oaParam == null)
+			throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
+
+		new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam);
+
         return null; // AssertionId
     }
 
@@ -96,12 +104,19 @@ public class ConsentEvaluator implements IAction {
 	 * Fills the given HttpResponse with the required web page.
 	 *
 	 * @param container the container
+	 * @param authData 
 	 * @param response the response
 	 * @param oaParam the oa param
 	 * @return the string
 	 * @throws MOAIDException the mOAID exception
 	 */
-	public String requestConsent(DataContainer container, HttpServletResponse response, IOAAuthParameters oaParam) throws MOAIDException {
+	public String requestConsent(DataContainer container, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData, OAAuthParameter oaParam) throws MOAIDException {
+		//check if we need to collect consent
+        if(!oaParam.isRequireConsentForStorkAttributes()) {
+            (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
+            return "";
+        }
+
 		// prepare redirect
 		String newArtifactId;
 		try {
@@ -130,13 +145,12 @@ public class ConsentEvaluator implements IAction {
 			Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html");
 			VelocityContext context = new VelocityContext();
 
-			context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/CompleteAuthentication?" + ARTIFACT_ID + "=" + newArtifactId);
+			context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId);
 
 			// assemble table
 			String table = "";
-			for (PersonalAttribute current : container.getResponse().getPersonalAttributeList())
-				if ("Available".equals(current.getStatus()))
-					table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + "</td></tr>\n";
+			for (PersonalAttribute current : container.getRequest().getPersonalAttributeList())
+				table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + "</td></tr>\n";
 
 			context.put("tablecontent", table);
 
-- 
cgit v1.2.3