From 3d08ca18a290e57f6dd70f4b6914f0e3d5840bb7 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 17 Apr 2014 18:01:18 +0200 Subject: fixing authnreq error --- .../id/protocols/stork2/AuthenticationRequest.java | 179 ++++++++++----------- 1 file changed, 89 insertions(+), 90 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 599d0c302..51ec1fff3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -19,9 +19,6 @@ import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; -import org.opensaml.saml2.core.AudienceRestriction; -import org.opensaml.saml2.core.impl.AudienceRestrictionBuilder; -import org.opensaml.saml2.core.impl.AudienceRestrictionImpl; import org.w3c.dom.Element; import org.w3c.dom.NamedNodeMap; @@ -76,15 +73,15 @@ public class AuthenticationRequest implements IAction { Logger.debug("Starting AuthenticationRequest"); moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse()); - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + //STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); - Logger.debug("Starting generation of SAML response"); - try { - moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(), httpReq.getRemoteAddr(), false)); - } catch (STORKSAMLEngineException ex) { - Logger.error("Failed to generate STORK SAML Response", ex); - throw new MOAIDException("stork.05", null); // TODO - } + // Logger.debug("Starting generation of SAML response"); + // try { + // moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(), httpReq.getRemoteAddr(), false)); + // } catch (STORKSAMLEngineException ex) { + // Logger.error("Failed to generate STORK SAML Response", ex); + // throw new MOAIDException("stork.05", null); // TODO + // } // Get personal attributtes from MOA/IdentityLink moaStorkResponse.setPersonalAttributeList(populateAttributes()); @@ -112,103 +109,105 @@ public class AuthenticationRequest implements IAction { } // check if we are getting request for citizen of some other country else if (req instanceof MOASTORKRequest) { - STORKAuthnRequest spAuthnRequest = ((MOASTORKRequest) req).getStorkAuthnRequest(); - STORKAuthnRequest storkAuthnRequest = null; - - String citizenCountryCode = spAuthnRequest.getCitizenCountryCode(); - Logger.info("Got authentication request for citizen of " + citizenCountryCode); + return handleMOAStorkRequest("VIDP", (MOASTORKRequest) req, httpReq.getRemoteAddr(), httpResp); + } - try { - storkAuthnRequest = (STORKAuthnRequest) spAuthnRequest.clone(); - } catch (CloneNotSupportedException e) { - Logger.error("Could not clone AuthnRequest ", e); - throw new MOAIDException("stork.05", null); // TODO - } + // Check if we got the response from PEPS + // If so then process it and forward to SP + else if ((req instanceof MOASTORKResponse)) { + return handleMOAStorkResponse("VIDP", (MOASTORKResponse) req, httpReq.getRemoteAddr(), httpResp); + } else { + Logger.error("Could not recognize request."); + throw new MOAIDException("stork.15", null); + } + } + /* + Handles STORKAuthnRequeste received for citizens of other countries + */ + private String handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException { - // check if citizen country is configured in the system - if (!(AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode))) { - Logger.error("Citizen country PEPS not configured in MOA instance: " + citizenCountryCode); - throw new MOAIDException("stork.05", null); // TODO - } + STORKAuthnRequest spAuthnRequest = moastorkRequest.getStorkAuthnRequest(); + STORKAuthnRequest storkAuthnRequest = null; - // extracting basic settings and adjusting assertion consumer - String issuer = null; - String assertionConsumerURL = null; - String publicURLPrefix = null; - String destinationURL = null; + String citizenCountryCode = spAuthnRequest.getCitizenCountryCode(); + Logger.info("Got authentication request for citizen of " + citizenCountryCode); - try { - issuer = new URL(AuthConfigurationProvider.getInstance().getPublicURLPrefix()).toString(); - destinationURL = AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString(); - publicURLPrefix = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); - assertionConsumerURL = publicURLPrefix + "/stork2/SendPEPSAuthnRequest"; - } catch (MalformedURLException ex) { - Logger.error("Wrong PublicURLPrefix setting of MOA instance: " + AuthConfigurationProvider.getInstance().getPublicURLPrefix(), ex); - throw new MOAIDException("stork.05", null); // TODO - } catch (Exception ex) { - Logger.error("Problem with PEPS configuration of MOA instance.", ex); - throw new MOAIDException("stork.05", null); // TODO - } + try { + storkAuthnRequest = (STORKAuthnRequest) spAuthnRequest.clone(); + } catch (CloneNotSupportedException e) { + Logger.error("Could not clone AuthnRequest ", e); + throw new MOAIDException("stork.05", null); // TODO + } - // drop if we do not have publicprefix url configured on the instance - if (publicURLPrefix == null) - throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + // check if citizen country is configured in the system + if (!(AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode))) { + Logger.error("Citizen country PEPS not configured in MOA instance: " + citizenCountryCode); + throw new MOAIDException("stork.05", null); // TODO + } - // adjusting request - storkAuthnRequest.setEIDCrossBorderShare(spAuthnRequest.isEIDCrossBorderShare()); - storkAuthnRequest.setEIDSectorShare(spAuthnRequest.isEIDSectorShare()); - storkAuthnRequest.setEIDCrossSectorShare(spAuthnRequest.isEIDCrossSectorShare()); - storkAuthnRequest.setCitizenCountryCode(spAuthnRequest.getCitizenCountryCode()); - storkAuthnRequest.setIssuer(issuer); - storkAuthnRequest.setAssertionConsumerServiceURL(assertionConsumerURL); - storkAuthnRequest.setDestination(destinationURL); + // extracting basic settings and adjusting assertion consumer + String issuer = null; + String assertionConsumerURL = null; + String publicURLPrefix = null; + String destinationURL = null; - // regenerate request - try { - //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); - Logger.debug("Starting generation of SAML request"); - storkAuthnRequest = engine.generateSTORKAuthnRequest(storkAuthnRequest); - - //generateSAML Token - Logger.info("SAML response succesfully generated!"); - } catch (STORKSAMLEngineException e) { - Logger.error("Failed to generate STORK SAML Response", e); - throw new MOAIDException("stork.05", null); - } + try { + issuer = new URL(AuthConfigurationProvider.getInstance().getPublicURLPrefix()).toString(); + destinationURL = AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString(); + publicURLPrefix = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + assertionConsumerURL = publicURLPrefix + "/stork2/SendPEPSAuthnRequest"; + } catch (MalformedURLException ex) { + Logger.error("Wrong PublicURLPrefix setting of MOA instance: " + AuthConfigurationProvider.getInstance().getPublicURLPrefix(), ex); + throw new MOAIDException("stork.05", null); // TODO + } catch (Exception ex) { + Logger.error("Problem with PEPS configuration of MOA instance.", ex); + throw new MOAIDException("stork.05", null); // TODO + } - // store original request from SP in order to be able to extract it in later iteration/response - DataContainer spRequestContainer = new DataContainer(); - spRequestContainer.setRequest((MOASTORKRequest) req); - try { - AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), spRequestContainer); - Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request with id " + spAuthnRequest.getSamlId()); - } catch (MOADatabaseException e) { - e.printStackTrace(); - } + // drop if we do not have publicprefix url configured on the instance + if (publicURLPrefix == null) + throw new AuthenticationException("stork.12", new String[]{"PublicURLPrefix"}); - // preparing redirection for the client - performRedirection("SAMLRequest", destinationURL, storkAuthnRequest.getTokenSaml(), httpResp); - return "xxxx";// TODO + // adjusting request + storkAuthnRequest.setEIDCrossBorderShare(spAuthnRequest.isEIDCrossBorderShare()); + storkAuthnRequest.setEIDSectorShare(spAuthnRequest.isEIDSectorShare()); + storkAuthnRequest.setEIDCrossSectorShare(spAuthnRequest.isEIDCrossSectorShare()); + storkAuthnRequest.setCitizenCountryCode(spAuthnRequest.getCitizenCountryCode()); + storkAuthnRequest.setIssuer(issuer); + storkAuthnRequest.setAssertionConsumerServiceURL(assertionConsumerURL); + storkAuthnRequest.setDestination(destinationURL); - } + // regenerate request + try { + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + Logger.debug("Starting generation of SAML request"); + storkAuthnRequest = engine.generateSTORKAuthnRequest(storkAuthnRequest); - // Check if we got the response from PEPS - // If so then process it and forward to SP - else if ((req instanceof MOASTORKResponse)) { - return handleMOAStorkResponse("VIDP", (MOASTORKResponse) req, httpReq.getRemoteAddr(), httpResp); - } else { - Logger.error("Could not recognize request."); - throw new MOAIDException("stork.15", null); + //generateSAML Token + Logger.info("SAML response succesfully generated!"); + } catch (STORKSAMLEngineException e) { + Logger.error("Failed to generate STORK SAML Response", e); + throw new MOAIDException("stork.05", null); } - } + // store original request from SP in order to be able to extract it in later iteration/response + DataContainer spRequestContainer = new DataContainer(); + spRequestContainer.setRequest(moastorkRequest); - private String handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) { + try { + AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), spRequestContainer); + Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request with id " + spAuthnRequest.getSamlId()); + } catch (MOADatabaseException e) { + e.printStackTrace(); + } + // preparing redirection for the client + performRedirection("SAMLRequest", destinationURL, storkAuthnRequest.getTokenSaml(), httpResp); + return "xxxx";// TODO } /* -- cgit v1.2.3