From 921a14d46078fba6ee66addd9b0c40ae82081f9c Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Wed, 12 Mar 2014 09:54:39 +0100
Subject: sketched consent collector

---
 .../id/protocols/stork2/AttributeCollector.java    |  80 +----------
 .../moa/id/protocols/stork2/ConsentEvaluator.java  | 149 +++++++++++++++++++++
 .../moa/id/protocols/stork2/STORKProtocol.java     |   4 +-
 3 files changed, 153 insertions(+), 80 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 9cd825fc8..5d972ba00 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -148,12 +148,7 @@ public class AttributeCollector implements IAction {
 					// else, update any existing attributes
 					addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes);
             }
-
-            // build response
-            generateSTORKResponse(container);
-
-            // set new http response
-            generateRedirectResponse(response, container);
+            	new ConsentEvaluatorSepp().requestConsent(container, response, oaParam);
 
             return "12345"; // AssertionId
 
@@ -185,79 +180,6 @@ public class AttributeCollector implements IAction {
         }
     }
 
-    /**
-     * generates binary response from given response class.
-     *
-     * @param container the container
-     * @throws MOAIDException the mOAID exception
-     */
-    private void generateSTORKResponse(DataContainer container) throws MOAIDException {
-    	MOASTORKRequest request = container.getRequest();
-        MOASTORKResponse response = container.getResponse();
-
-        try {
-            //Get SAMLEngine instance
-            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-            Logger.debug("Starting generation of SAML response");
-			if(response.isAuthnResponse())
-				response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false));
-			else
-				response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false));
-				
-            //generateSAML Token
-            Logger.info("SAML response succesfully generated!");
-        } catch (STORKSAMLEngineException e) {
-            Logger.error("Failed to generate STORK SAML Response", e);
-            throw new MOAIDException("stork.05", null);
-        }
-
-        Logger.info("STORK SAML Response message succesfully generated ");
-    }
-
-    /**
-     * writes the storkresponse to the httpresponse using the velocity engine.
-     *
-     * @param httpResp the http resp
-     * @param container the container
-     */
-    private void generateRedirectResponse(HttpServletResponse httpResp, DataContainer container) {
-        MOASTORKResponse authnResponse = container.getResponse();
-        MOASTORKRequest authnRequest = container.getRequest();
-
-        // preparing redirection for the client
-        try {
-            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
-            VelocityContext context = new VelocityContext();
-            
-            byte[] blob;
-			if(authnRequest.isAttrRequest())
-            	blob = authnResponse.getStorkAttrQueryResponse().getTokenSaml();
-            else
-            	blob = authnResponse.getStorkAuthnResponse().getTokenSaml();
-
-            context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob));
-            Logger.debug("SAMLResponse original: " + new String(blob));
-
-            Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL());
-            context.put("action", authnRequest.getAssertionConsumerServiceURL());
-            Logger.debug("Starting template merge");
-            StringWriter writer = new StringWriter();
-
-            Logger.debug("Doing template merge");
-            template.merge(context, writer);
-            Logger.debug("Template merge done");
-
-            Logger.debug("Sending html content: " + writer.getBuffer().toString());
-            Logger.debug("Sending html content2  : " + new String(writer.getBuffer()));
-
-            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
-
-        } catch (Exception e) {
-            Logger.error("Velocity error: " + e.getMessage());
-        }
-    }
-    
     /**
      * Adds or updates all {@link PersonalAttribute} objects given in {@code source} to/in {@code target}.
      *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
new file mode 100644
index 000000000..9745d81c5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -0,0 +1,149 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import java.io.StringWriter;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * The ConsentEvaluator assists with fetching user consent on the list of attributes to be sent to the asking S-PEPS.
+ */
+public class ConsentEvaluator implements IAction {
+
+    /**
+     * The Constant ARTIFACT_ID.
+     */
+    private static final String ARTIFACT_ID = "artifactId";
+
+    /* (non-Javadoc)
+     * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
+     */
+    public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+
+		// - fetch the container
+		String artifactId = (String) httpReq.getParameter(ARTIFACT_ID);
+		DataContainer container;
+		try {
+			container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
+		} catch (MOADatabaseException e) {
+			Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
+			throw new MOAIDException("stork.17", null);
+		}
+
+		// TODO evaluate response
+
+        // build and send response
+        generateSTORKResponse(httpResp, container);
+        
+        return "12345"; // AssertionId
+    }
+
+	/**
+	 * Fills the given HttpResponse with the required web page.
+	 *
+	 * @param container the container
+	 * @param response the response
+	 * @param oaParam the oa param
+	 * @return the string
+	 * @throws MOAIDException the mOAID exception
+	 */
+	public String requestConsent(DataContainer container, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException {
+		// prepare redirect
+
+		// ask for consent
+
+		return "12345"; // AssertionId
+	}
+
+    /**
+     * generates binary response from given response class and fill the given HttpResponse with a SAML Post Binding template.
+     *
+     * @param httpResp the http resp
+     * @param container the container
+     * @throws MOAIDException the mOAID exception
+     */
+    public void generateSTORKResponse(HttpServletResponse httpResp, DataContainer container) throws MOAIDException {
+    	MOASTORKRequest request = container.getRequest();
+        MOASTORKResponse response = container.getResponse();
+
+        try {
+            //Get SAMLEngine instance
+            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+            Logger.debug("Starting generation of SAML response");
+			if(response.isAuthnResponse())
+				response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false));
+			else
+				response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false));
+				
+            //generateSAML Token
+            Logger.info("SAML response succesfully generated!");
+        } catch (STORKSAMLEngineException e) {
+            Logger.error("Failed to generate STORK SAML Response", e);
+            throw new MOAIDException("stork.05", null);
+        }
+
+        Logger.info("STORK SAML Response message succesfully generated ");
+
+        // preparing redirection for the client
+        try {
+            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+            VelocityContext context = new VelocityContext();
+            
+            byte[] blob;
+			if(request.isAttrRequest())
+            	blob = response.getStorkAttrQueryResponse().getTokenSaml();
+            else
+            	blob = response.getStorkAuthnResponse().getTokenSaml();
+
+            context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob));
+            Logger.debug("SAMLResponse original: " + new String(blob));
+
+            Logger.debug("Putting assertion consumer url as action: " + request.getAssertionConsumerServiceURL());
+            context.put("action", request.getAssertionConsumerServiceURL());
+            Logger.debug("Starting template merge");
+            StringWriter writer = new StringWriter();
+
+            Logger.debug("Doing template merge");
+            template.merge(context, writer);
+            Logger.debug("Template merge done");
+
+            Logger.debug("Sending html content: " + writer.getBuffer().toString());
+            Logger.debug("Sending html content2  : " + new String(writer.getBuffer()));
+
+            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+
+        } catch (Exception e) {
+            Logger.error("Velocity error: " + e.getMessage());
+        }
+    }
+
+    /* (non-Javadoc)
+     * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+     */
+    public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+    	// this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action.
+        return false;
+    }
+
+    /* (non-Javadoc)
+     * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+     */
+    public String getDefaultActionName() {
+        return STORKProtocol.CONSENT_EVALUATOR;
+    }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index e415daf3e..b1c923b9f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -26,12 +26,14 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
     public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
     public static final String ATTRIBUTE_COLLECTOR = "AttributeCollector";
     public static final String MANDATERETRIEVALREQUEST = "MandateRetrievalRequest";
+	public static final String CONSENT_EVALUATOR = "ConsentEvaluator";
 
     private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
 
     static {
         actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
         actions.put(ATTRIBUTE_COLLECTOR, new AttributeCollector());
+        actions.put(CONSENT_EVALUATOR, new ConsentEvaluatorSepp());
     }
 
     public String getName() {
@@ -63,7 +65,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
 
         MOASTORKRequest STORK2Request = new MOASTORKRequest();
 
-		if (AttributeCollector.class.getSimpleName().equals(action))
+		if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluatorSepp.class.getSimpleName().equals(action))
 			return STORK2Request;
 
         //extract STORK Response from HTTP Request
-- 
cgit v1.2.3