From 4843bccbf840ae93f855ef6548683ee794593915 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 4 Mar 2014 13:23:37 +0100 Subject: vidp can handle attrquery and authnrequest --- .../id/protocols/stork2/AttributeCollector.java | 34 +++++----- .../id/protocols/stork2/AuthenticationRequest.java | 68 +++++++++----------- .../moa/id/protocols/stork2/DataContainer.java | 24 +++---- .../moa/id/protocols/stork2/MOASTORKRequest.java | 29 ++++++++- .../moa/id/protocols/stork2/MOASTORKResponse.java | 75 ++++++++++++++++++++++ .../moa/id/protocols/stork2/STORKProtocol.java | 16 ++--- 6 files changed, 169 insertions(+), 77 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java (limited to 'id/server/idserverlib/src/main/java/at/gv') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index bd32bfc78..5f46153af 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -19,8 +19,6 @@ import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import eu.stork.peps.auth.commons.STORKAuthnResponse; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.apache.velocity.Template; @@ -183,15 +181,18 @@ public class AttributeCollector implements IAction { * @throws MOAIDException the mOAID exception */ private void generateSTORKResponse(DataContainer container) throws MOAIDException { - STORKAuthnResponse authnResponse = container.getResponse(); - STORKAuthnRequest authnRequest = container.getRequest(); + MOASTORKRequest request = container.getRequest(); + MOASTORKResponse response = container.getResponse(); try { //Get SAMLEngine instance STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); Logger.debug("Starting generation of SAML response"); - authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false); - + if(response.isAuthnResponse()) + response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false)); + else + response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false)); + //generateSAML Token Logger.info("SAML response succesfully generated!"); } catch (STORKSAMLEngineException e) { @@ -200,11 +201,6 @@ public class AttributeCollector implements IAction { } Logger.info("STORK SAML Response message succesfully generated "); - Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); - Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); - Logger.debug("authn saml encodedx: " + PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml())); - - container.setResponse(authnResponse); } /** @@ -214,17 +210,23 @@ public class AttributeCollector implements IAction { * @param container the container */ private void generateRedirectResponse(HttpServletResponse httpResp, DataContainer container) { - STORKAuthnResponse authnResponse = container.getResponse(); - STORKAuthnRequest authnRequest = container.getRequest(); + MOASTORKResponse authnResponse = container.getResponse(); + MOASTORKRequest authnRequest = container.getRequest(); // preparing redirection for the client try { VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); VelocityContext context = new VelocityContext(); - - context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml()).getBytes()); - Logger.debug("SAMLResponse original: " + new String(authnResponse.getTokenSaml()).getBytes()); + + byte[] blob; + if(authnRequest.isAttrRequest()) + blob = authnResponse.getStorkAttrQueryResponse().getTokenSaml(); + else + blob = authnResponse.getStorkAuthnResponse().getTokenSaml(); + + context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob).getBytes()); + Logger.debug("SAMLResponse original: " + new String(blob).getBytes()); Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL()); context.put("action", authnRequest.getAssertionConsumerServiceURL()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 18d0b479e..619935abe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -44,61 +44,55 @@ public class AuthenticationRequest implements IAction { Logger.debug("Entering MOASTORKRequest"); httpResp.reset(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + MOASTORKResponse moaStorkResponse = new MOASTORKResponse(); + // check if it is attribute query if (moaStorkRequest.isAttrRequest()) { Logger.debug("Starting AttrQueryRequest"); - STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse(); - IPersonalAttributeList personalAttributeList = moaStorkRequest.getStorkAttrQueryRequest().getPersonalAttributeList(); - - // TODO Check if this instance is eligible to fetch attributes locally, assuming yes - - return (new AttributeCollector()).processRequest(req, httpReq, httpResp, moasession); - - } else - // check if we have authentication request - if (moaStorkRequest.isAuthnRequest()) { - Logger.debug("Starting AuthenticationRequest"); - - STORKAuthnResponse authnResponse = new STORKAuthnResponse(); - authnResponse.setCountry(moaStorkRequest.getStorkAuthnRequest().getSpCountry()); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); - - // Get personal attributtes from MOA/IdentityLink - authnResponse.setPersonalAttributeList(populateAttributes()); + + moaStorkResponse.setSTORKAttrResponse(new STORKAttrQueryResponse()); + } + // check if we have authentication request + else if (moaStorkRequest.isAuthnRequest()) { + Logger.debug("Starting AuthenticationRequest"); - // Prepare extended attributes - Logger.debug("Preparing data container"); + moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse()); + // Get personal attributtes from MOA/IdentityLink + moaStorkResponse.setPersonalAttributeList(populateAttributes()); + } + + moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); - // create fresh container - DataContainer container = new DataContainer(); + // Prepare extended attributes + Logger.debug("Preparing data container"); - // - fill in the request we extracted above - container.setRequest(moaStorkRequest.getStorkAuthnRequest()); + // create fresh container + DataContainer container = new DataContainer(); - // - fill in the partial response created above - container.setResponse(authnResponse); + // - fill in the request we extracted above + container.setRequest(moaStorkRequest); - // - memorize the target url were we have to return the result - container.setTarget(moaStorkRequest.getStorkAuthnRequest().getAssertionConsumerServiceURL()); + // - fill in the partial response created above + container.setResponse(moaStorkResponse); - container.setRemoteAddress(httpReq.getRemoteAddr()); + // - memorize the target url were we have to return the result + container.setTarget(moaStorkRequest.getAssertionConsumerServiceURL()); + container.setRemoteAddress(httpReq.getRemoteAddr()); - Logger.debug("Data container prepared"); - return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); + Logger.debug("Data container prepared"); - } + return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); } else { Logger.error("Could not recognize request."); throw new MOAIDException("stork.15", null); } - - return null; } public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java index a1c40526d..74239318b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java @@ -2,10 +2,6 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.io.Serializable; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import eu.stork.peps.auth.commons.STORKAuthnResponse; - -// TODO: Auto-generated Javadoc /** * Holds info about an ongoing but yet incomplete stork authnrequest process. */ @@ -15,10 +11,10 @@ public class DataContainer implements Serializable { private static final long serialVersionUID = -8765997480582363012L; /** The incoming request. */ - private STORKAuthnRequest request; + private MOASTORKRequest request; /** The yet incomplete response. */ - private STORKAuthnResponse response; + private MOASTORKResponse response; /** The target. */ private String target; @@ -31,17 +27,17 @@ public class DataContainer implements Serializable { * * @return the request */ - public STORKAuthnRequest getRequest() { + public MOASTORKRequest getRequest() { return request; } /** * Sets the request. * - * @param request the new request + * @param moaStorkRequest the new request */ - public void setRequest(STORKAuthnRequest request) { - this.request = request; + public void setRequest(MOASTORKRequest moaStorkRequest) { + this.request = moaStorkRequest; } /** @@ -49,17 +45,17 @@ public class DataContainer implements Serializable { * * @return the response */ - public STORKAuthnResponse getResponse() { + public MOASTORKResponse getResponse() { return response; } /** * Sets the response. * - * @param response the new response + * @param moaStorkResponse the new response */ - public void setResponse(STORKAuthnResponse response) { - this.response = response; + public void setResponse(MOASTORKResponse moaStorkResponse) { + this.response = moaStorkResponse; } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index 47a86174f..fa7db82c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -1,7 +1,10 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import java.io.Serializable; + import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.commons.STORKAuthnRequest; @@ -11,8 +14,9 @@ import eu.stork.peps.auth.commons.STORKAuthnRequest; * @author bsuzic */ -public class MOASTORKRequest implements IRequest { - private String requestID; +public class MOASTORKRequest implements IRequest, Serializable { + private static final long serialVersionUID = 4581953368724501376L; + private String requestID; private String target = null; String module = null; String action = null; @@ -102,4 +106,25 @@ public class MOASTORKRequest implements IRequest { public String getRequestID() { return this.requestID; } + + public IPersonalAttributeList getPersonalAttributeList() { + if(isAttrRequest()) + return this.storkAttrQueryRequest.getPersonalAttributeList(); + else + return this.storkAuthnRequest.getPersonalAttributeList(); + } + + public String getSpCountry() { + if(isAttrRequest()) + return this.storkAttrQueryRequest.getSpCountry(); + else + return this.storkAuthnRequest.getSpCountry(); + } + + public String getAssertionConsumerServiceURL() { + if(isAttrRequest()) + return this.storkAttrQueryRequest.getAssertionConsumerServiceURL(); + else + return this.storkAuthnRequest.getAssertionConsumerServiceURL(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java new file mode 100644 index 000000000..36f5a80b4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java @@ -0,0 +1,75 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.io.Serializable; + +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAttrQueryResponse; +import eu.stork.peps.auth.commons.STORKAuthnResponse; + +/** + * Implements MOA request and stores StorkAuthn/Attr-Request related data + * + * @author bsuzic + */ + +public class MOASTORKResponse implements Serializable { + private static final long serialVersionUID = -5798803155055518747L; + private STORKAuthnResponse storkAuthnRequest; + private STORKAttrQueryResponse storkAttrQueryRequest; + private boolean isAttrRequest = false; + private boolean isAuthnRequest = false; + + public void setSTORKAuthnResponse(STORKAuthnResponse request) { + this.storkAuthnRequest = request; + if (request != null) { + isAuthnRequest = true; + } + } + + public void setSTORKAttrResponse(STORKAttrQueryResponse request) { + this.storkAttrQueryRequest = request; + if (request != null) { + isAttrRequest = true; + } + } + + public boolean isAttrResponse() { + return this.isAttrRequest; + } + + public boolean isAuthnResponse() { + return this.isAuthnRequest; + } + + + public STORKAuthnResponse getStorkAuthnResponse() { + return this.storkAuthnRequest; + } + + public STORKAttrQueryResponse getStorkAttrQueryResponse() { + return this.storkAttrQueryRequest; + } + + public IPersonalAttributeList getPersonalAttributeList() { + if(isAttrResponse()) + return this.storkAttrQueryRequest.getPersonalAttributeList(); + else + return this.storkAuthnRequest.getPersonalAttributeList(); + } + + public void setPersonalAttributeList(PersonalAttributeList populateAttributes) { + if(isAttrResponse()) + this.storkAttrQueryRequest.setPersonalAttributeList(populateAttributes); + else + this.storkAuthnRequest.setPersonalAttributeList(populateAttributes); + } + + public void setCountry(String spCountry) { + if(isAttrResponse()) + this.storkAttrQueryRequest.setCountry(spCountry); + else + this.storkAuthnRequest.setCountry(spCountry); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index e68b66510..d2f2ff663 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -102,14 +102,14 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { authnRequest = authnEngine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); - } - - - // check if a valid attr request is container - try { - attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken); - } catch (STORKSAMLEngineException ex) { - Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } catch(ClassCastException e) { + // we do not have a authnRequest + // check if a valid attr request is container + try { + attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken); + } catch (STORKSAMLEngineException ex) { + Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } } // if there is no authn or attr request, raise error -- cgit v1.2.3