From de809dbe57372fd0026765034a490287bf1b57eb Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 16 Apr 2014 18:42:16 +0200 Subject: extending the peps communication and response --- .../id/protocols/stork2/AttributeCollector.java | 1 + .../id/protocols/stork2/AuthenticationRequest.java | 261 ++++++++++++++++++++- .../moa/id/protocols/stork2/MOASTORKRequest.java | 3 +- .../moa/id/protocols/stork2/MOASTORKResponse.java | 212 ++++++++++++++--- .../stork2/MandateAttributeRequestProvider.java | 2 +- .../protocols/stork2/MandateRetrievalRequest.java | 2 +- .../moa/id/protocols/stork2/STORKProtocol.java | 42 +++- 7 files changed, 476 insertions(+), 47 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 1d9e31674..8f0d259b4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -159,6 +159,7 @@ public class AttributeCollector implements IAction { new ConsentEvaluator().generateSTORKResponse(response, container); return "12345"; // AssertionId + // TODO } catch (ExternalAttributeRequestRequiredException e) { // the attribute request is ongoing and requires an external service. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 5e49fe413..efa77577e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java 
@@ -3,23 +3,30 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.*; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; -import org.joda.time.DateTime; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.w3c.dom.Element; import org.w3c.dom.NamedNodeMap; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.io.StringWriter; +import java.security.NoSuchAlgorithmException; /** 
@@ -41,23 +48,23 @@ public class AuthenticationRequest implements IAction { this.moaSession = moasession; - if (req instanceof MOASTORKRequest) { + if ((req instanceof MOASTORKRequest) && !((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) { this.moaStorkRequest = (MOASTORKRequest) req; Logger.debug("Entering MOASTORKRequest"); httpResp.reset(); - + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); MOASTORKResponse moaStorkResponse = new MOASTORKResponse(); - + // check if it is attribute query if (moaStorkRequest.isAttrRequest()) { Logger.debug("Starting AttrQueryRequest"); - + moaStorkResponse.setSTORKAttrResponse(new STORKAttrQueryResponse()); } // check if we have authentication request @@ -70,7 +77,7 @@ public class AuthenticationRequest implements IAction { Logger.debug("Starting generation of SAML response"); try { - moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(),httpReq.getRemoteAddr(), false)); + moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(), httpReq.getRemoteAddr(), false)); } catch (STORKSAMLEngineException ex) { // TODO } @@ -80,7 +87,7 @@ public class AuthenticationRequest implements IAction { } - + //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); // Prepare extended attributes 
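Review bot: The new guard dereferences `getStorkAuthnRequest().getCitizenCountryCode()` for every `MOASTORKRequest`, but that class can carry only an attribute query (this hunk still tests `moaStorkRequest.isAttrRequest()` a few lines down, and the MOASTORKRequest hunk on this page answers its authn check with `null != storkAuthnRequest`), so an attribute-only request would die with a NullPointerException in the condition instead of reaching the existing attribute branch. Test the request kind first, e.g. `if (req instanceof MOASTORKRequest && (((MOASTORKRequest) req).isAttrRequest() || !"SI".equals(((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode())))`, and mirror that in the later `else if` and in `needAuthentication`, which dereference the same way. The literal `"SI"` now appears three times in this file; a named constant, or a configured set of country codes that are routed to a foreign PEPS, keeps the three places in sync. processRequest continues past this hunk.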
@@ -107,20 +114,256 @@ public class AuthenticationRequest implements IAction { arep.setSamlId("xxxx"); arep.setStatusCode("xxxx"); - // arep.setNotBefore(new DateTime().withTimeAtStartOfDay()); - // arep.setNotOnOrAfter(new DateTime().withTimeAtStartOfDay()); + // arep.setNotBefore(new DateTime().withTimeAtStartOfDay()); + // arep.setNotOnOrAfter(new DateTime().withTimeAtStartOfDay()); Logger.debug("Data container prepared"); return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); + } // check if we are getting request for citizen of some other country + else if ((req instanceof MOASTORKRequest) && ((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) { + + // - generate new key + String artifactId = null; + try { + artifactId = new SecureRandomIdentifierGenerator().generateIdentifier(); + } catch (NoSuchAlgorithmException e) { + e.printStackTrace(); + } + + STORKAuthnRequest spAuthnRequest = ((MOASTORKRequest) req).getStorkAuthnRequest(); + STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest(); + + try { + storkAuthnRequest = (STORKAuthnRequest) spAuthnRequest.clone(); + } catch (CloneNotSupportedException e) { + e.printStackTrace(); + } + + storkAuthnRequest.setIssuer("VIDP"); + storkAuthnRequest.setAssertionConsumerServiceURL("https://vm-stork2-vidp:8443/moa-id-auth/stork2/SendPEPSAuthnRequest"); + storkAuthnRequest.setSamlId(artifactId); + + String publicURLPrefix = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + if (publicURLPrefix == null) + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + + + DataContainer originalRequest = new DataContainer(); + originalRequest.setRequest((MOASTORKRequest) req); + + + // preparing redirection for the client + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = 
velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); + VelocityContext context = new VelocityContext(); + + //STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest(); + + try { + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + Logger.debug("Starting generation of SAML request"); + storkAuthnRequest = engine.generateSTORKAuthnRequest(storkAuthnRequest); + + //generateSAML Token + Logger.info("SAML response succesfully generated!"); + } catch (STORKSAMLEngineException e) { + Logger.error("Failed to generate STORK SAML Response", e); + throw new MOAIDException("stork.05", null); + } + + + // store original request from sp in order to be able to extract it in later iteration/response + try { + AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), originalRequest); + Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request"); + } catch (MOADatabaseException e) { + e.printStackTrace(); + } + + byte[] blob; + blob = storkAuthnRequest.getTokenSaml(); + + context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(blob)); + Logger.debug("SAMLRequest original: " + new String(blob)); + + Logger.debug("Putting url as action: " + "https://peps-test.mju.gov.si/PEPS/ColleagueRequest"); + context.put("action", "https://peps-test.mju.gov.si/PEPS/ColleagueRequest"); + Logger.debug("Starting template merge"); + StringWriter writer = new StringWriter(); + + Logger.debug("Doing template merge"); + template.merge(context, writer); + Logger.debug("Template merge done"); + + Logger.debug("Sending html content: " + writer.getBuffer().toString()); + Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); + + httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); + + } catch (Exception e) { + Logger.error("Velocity error: " + e.getMessage()); + } + return "xxxx";// TODO + + } // check if we got the response from peps, if so 
then process it and forward to sp + else if ((req instanceof MOASTORKResponse)) { + + MOASTORKResponse moastorkResponse = (MOASTORKResponse) req; + + + STORKAuthnResponse authnResponse = null; + // check if valid authn request is contained + + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + + try { + authnResponse = engine.validateSTORKAuthnResponse(moastorkResponse.getSTORKAuthnResponseToken(), httpReq.getRemoteAddr()); + } catch (STORKSAMLEngineException ex) { + Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage()); + } + + Logger.info("Requesting artifactId " + authnResponse.getInResponseTo() + " from store."); + + DataContainer dataContainer = null; + + try { + dataContainer = AssertionStorage.getInstance().get(authnResponse.getInResponseTo(), DataContainer.class); + } catch (MOADatabaseException e) { + e.printStackTrace(); + } + + authnResponse.setInResponseTo(dataContainer.getRequest().getStorkAuthnRequest().getSamlId()); + authnResponse.setAudienceRestriction(dataContainer.getRequest().getAssertionConsumerServiceURL()); + + + try { + //Get SAMLEngine instance + STORKSAMLEngine engine2 = STORKSAMLEngine.getInstance("VIDP"); + Logger.debug("Starting generation of SAML response"); + + authnResponse = engine2.generateSTORKAuthnResponse(dataContainer.getRequest().getStorkAuthnRequest(), authnResponse, httpReq.getRemoteAddr(), false); + + //generateSAML Token + Logger.info("SAML response succesfully generated!"); + } catch (STORKSAMLEngineException e) { + Logger.error("Failed to generate STORK SAML Response", e); + throw new MOAIDException("stork.05", null); + } + + // preparing redirection for the client + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); + VelocityContext context = new VelocityContext(); + + byte[] blob; + blob = 
authnResponse.getTokenSaml(); + + context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob)); + Logger.debug("SAMLResponse original: " + new String(blob)); + + Logger.debug("Putting assertion consumer url as action: " + dataContainer.getRequest().getAssertionConsumerServiceURL()); + context.put("action", dataContainer.getRequest().getAssertionConsumerServiceURL()); + + Logger.debug("Starting template merge"); + StringWriter writer = new StringWriter(); + + Logger.debug("Doing template merge"); + template.merge(context, writer); + Logger.debug("Template merge done"); + + Logger.debug("Sending html content: " + writer.getBuffer().toString()); + Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); + + httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); + + } catch (Exception e) { + Logger.error("Velocity error: " + e.getMessage()); + } + + + return "yyyyy"; // TODO } else { Logger.error("Could not recognize request."); throw new MOAIDException("stork.15", null); } } + + public void generatePEPSRedirect(HttpServletResponse httpResp, DataContainer container) throws MOAIDException { + MOASTORKRequest request = container.getRequest(); + MOASTORKResponse response = container.getResponse(); + + Logger.info("generating stork response..."); + + try { + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + Logger.debug("Starting generation of SAML response"); + if (response.isAuthnResponse()) + response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false)); + else + response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false)); + + + //generateSAML Token + Logger.info("SAML response succesfully generated!"); + } catch (STORKSAMLEngineException e) { + 
Logger.error("Failed to generate STORK SAML Response", e); + throw new MOAIDException("stork.05", null); + } + + // preparing redirection for the client + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); + VelocityContext context = new VelocityContext(); + + byte[] blob; + if (request.isAttrRequest()) + blob = response.getStorkAttrQueryResponse().getTokenSaml(); + else + blob = response.getStorkAuthnResponse().getTokenSaml(); + + context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob)); + Logger.debug("SAMLResponse original: " + new String(blob)); + + Logger.debug("Putting assertion consumer url as action: " + request.getAssertionConsumerServiceURL()); + context.put("action", request.getAssertionConsumerServiceURL()); + Logger.debug("Starting template merge"); + StringWriter writer = new StringWriter(); + + Logger.debug("Doing template merge"); + template.merge(context, writer); + Logger.debug("Template merge done"); + + Logger.debug("Sending html content: " + writer.getBuffer().toString()); + Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); + + httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); + + } catch (Exception e) { + Logger.error("Velocity error: " + e.getMessage()); + } + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + + if (req instanceof MOASTORKRequest) { + if (((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) { + return false; + + } + } else if (req instanceof MOASTORKResponse) { + return false; + } + return true; } 
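Review bot: In the new `MOASTORKResponse` branch a failed `validateSTORKAuthnResponse` is only logged, so `authnResponse` stays null and the method falls over on `authnResponse.getInResponseTo()` with a NullPointerException rather than a deliberate rejection; the same happens to `dataContainer` when `AssertionStorage.get` throws MOADatabaseException. Both catches should end the request the way the generation catch just below them does, i.e. `throw new MOAIDException(<message key for an invalid response>, null);`, so a response the engine could not validate is never re-signed and posted on to the SP. In the SI branch the `NoSuchAlgorithmException`, `CloneNotSupportedException` and `MOADatabaseException` catches likewise `printStackTrace()` and carry on with a null artifactId or an unstored request, and `publicURLPrefix` is fetched and null-checked but then unused while the AssertionConsumerServiceURL and the PEPS ColleagueRequest endpoint are hard-coded literals (`https://vm-stork2-vidp:8443/...`, `https://peps-test.mju.gov.si/...`) that belong in configuration. The `catch (Exception e) { Logger.error("Velocity error: " + e.getMessage()); }` blocks also swallow the IOException from writing the response and drop the stack trace; passing `e` as the second argument, as the engine catch does, keeps it. `new String(blob)` and `getBytes()` use the platform charset; `StandardCharsets.UTF_8` on both avoids environment-dependent output, and the debug lines that dump the whole token and rendered page are worth trimming before this runs in production. processRequest starts before this hunk.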
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index 9ea33c8ef..a5a91fa55 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -7,6 +7,7 @@ import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse; /** * Implements MOA request and stores StorkAuthn/Attr-Request related data. @@ -36,6 +37,7 @@ public class MOASTORKRequest implements IRequest, Serializable { /** The stork attr query request. */ private STORKAttrQueryRequest storkAttrQueryRequest; + /** * Sets the sTORK authn request. * @@ -72,7 +74,6 @@ public class MOASTORKRequest implements IRequest, Serializable { return null != storkAuthnRequest; } - /** * Gets the stork authn request. * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java index 4e0f57779..7d9e20cd0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java 
@@ -1,28 +1,124 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import java.io.Serializable; - +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttributeList; import eu.stork.peps.auth.commons.STORKAttrQueryResponse; import eu.stork.peps.auth.commons.STORKAuthnResponse; +import java.io.Serializable; + /** * Implements MOA request and stores StorkAuthn/Attr-Request related data. * * @author bsuzic */ -public class MOASTORKResponse implements Serializable { - - /** The Constant serialVersionUID. */ - private static final long serialVersionUID = -5798803155055518747L; - - /** The stork authn request. */ - private STORKAuthnResponse storkAuthnResponse; - - /** The stork attr query request. */ +public class MOASTORKResponse implements IRequest, Serializable { + + /** + * The Constant serialVersionUID. + */ + private static final long serialVersionUID = -5798803155055518747L; + + /** + * The stork authn request. + */ + private STORKAuthnResponse storkAuthnResponse; + + /** + * The stork attr query request. + */ private STORKAttrQueryResponse storkAttrQueryResponse; - + + /** + * The action. + */ + String action = null; + + /** + * The token + */ + private byte[] storkAuthnResponseToken = null; + + /** + * The request id. + */ + private String requestID; + + + /** + * The module. + */ + String module = null; + + /** + * The target. 
+ */ + private String target = null; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule() + */ + public String requestedModule() { + return this.module; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction() + */ + public String requestedAction() { + return action; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestID() + */ + public String getRequestID() { + return this.requestID; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getTarget() + */ + public String getTarget() { + return this.target; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#isSSOSupported() + */ + public boolean isSSOSupported() { + return false; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#forceAuth() + */ + public boolean forceAuth() { + return false; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setModule(java.lang.String) + */ + public void setModule(String module) { + this.module = module; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setRequestID(java.lang.String) + */ + public void setRequestID(String id) { + this.requestID = id; + } + /** * Sets the sTORK authn response. * @@ -32,6 +128,23 @@ public class MOASTORKResponse implements Serializable { this.storkAuthnResponse = request; } + /** + * Sets the sTORK authn response token + * + * @param request the new sTORK authn response token + */ + public void setSTORKAuthnResponseToken(byte[] token) { + this.storkAuthnResponseToken = token; + } + + /** + * Gets the sTORK authn response token . + * + * @param request the new sTORK authn response + */ + public byte[] getSTORKAuthnResponseToken() { + return this.storkAuthnResponseToken; + } /** * Sets the sTORK attr response. * 
@@ -77,17 +190,17 @@ public class MOASTORKResponse implements Serializable { public STORKAttrQueryResponse getStorkAttrQueryResponse() { return this.storkAttrQueryResponse; } - + /** * Gets the personal attribute list. * * @return the personal attribute list */ public IPersonalAttributeList getPersonalAttributeList() { - if(isAttrResponse()) - return this.storkAttrQueryResponse.getPersonalAttributeList(); - else - return this.storkAuthnResponse.getPersonalAttributeList(); + if (isAttrResponse()) + return this.storkAttrQueryResponse.getPersonalAttributeList(); + else + return this.storkAuthnResponse.getPersonalAttributeList(); } /** 
@@ -96,22 +209,53 @@ public class MOASTORKResponse implements Serializable { * @param populateAttributes the new personal attribute list */ public void setPersonalAttributeList(PersonalAttributeList populateAttributes) { - if(isAttrResponse()) - this.storkAttrQueryResponse.setPersonalAttributeList(populateAttributes); - else - this.storkAuthnResponse.setPersonalAttributeList(populateAttributes); - } - - /** - * Sets the country. - * - * @param spCountry the new country - */ - public void setCountry(String spCountry) { - if(isAttrResponse()) - this.storkAttrQueryResponse.setCountry(spCountry); - else - this.storkAuthnResponse.setCountry(spCountry); - } + if (isAttrResponse()) + this.storkAttrQueryResponse.setPersonalAttributeList(populateAttributes); + else + this.storkAuthnResponse.setPersonalAttributeList(populateAttributes); + } + + /** + * Sets the country. + * + * @param spCountry the new country + */ + public void setCountry(String spCountry) { + if (isAttrResponse()) + this.storkAttrQueryResponse.setCountry(spCountry); + else + this.storkAuthnResponse.setCountry(spCountry); + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getOAURL() + */ + public String getOAURL() { + if (isAuthnResponse()) + return storkAuthnResponse.getAudienceRestriction(); + else if (isAttrResponse()) + return storkAttrQueryResponse.getAudienceRestriction(); + else { + Logger.error("There is no authentication or attribute request contained in MOASTORKRequest."); + return null; + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#isPassiv() + */ + public boolean isPassiv() { + return false; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setAction(java.lang.String) + */ + public void setAction(String action) { + this.action = action; + } + } 
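Review bot: The error message in the new `getOAURL()` names the wrong class: `"There is no authentication or attribute request contained in MOASTORKRequest."` was copied from MOASTORKRequest and should say `... contained in MOASTORKResponse.` so log searches for this class's failures find it. That branch also looks like the one that will actually be hit: the STORKProtocol hunk on this page only calls `setSTORKAuthnResponseToken(decSamlToken)` on the response it returns and never `setSTORKAuthnResponse`, so when the framework asks this object for its OA URL neither `storkAuthnResponse` nor `storkAttrQueryResponse` appears to be set and `getOAURL()` returns null — confirm against the caller of `getOAURL()`. Deriving the OA URL from the response's AudienceRestriction is only safe once the engine has verified the signature, which is another reason to store the validated object here rather than discard it.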
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java index 0e94600db..5d13ccb45 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java @@ -68,7 +68,7 @@ public class MandateAttributeRequestProvider implements AttributeProvider { String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; - //generate AuthnRquest + //generate AttrQueryRequest STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest(); attributeRequest.setDestination(destination); attributeRequest.setAssertionConsumerServiceURL(url); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java index 3bd1686b4..077867fe0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java @@ -14,7 +14,7 @@ import javax.servlet.http.HttpServletResponse; */ public class MandateRetrievalRequest implements IAction { public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { - Logger.info("Entering mandateretrievalrequest"); + Logger.error("Entering mandateretrievalrequest"); return null; // } 
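Review bot: `Logger.error("Entering mandateretrievalrequest")` raises a plain entry trace to error level, which will trip any log-based alerting every time the action runs; if the aim is to make it visible while the PEPS flow is being built, keep it at `Logger.info(...)` (or `Logger.debug`) and raise the logger's threshold in the environment instead. If it has to stay for now, a `// TODO: restore info level before release` on the line stops it being shipped this way.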
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 00f919c82..689aed8aa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java 
@@ -64,10 +64,46 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.debug("Initiating action: " + action); MOASTORKRequest STORK2Request = new MOASTORKRequest(); + MOASTORKResponse STORK2Response = new MOASTORKResponse(); - if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action)) + + if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action)) return STORK2Request; + + if (request.getParameter("SAMLResponse") != null) { + //extract STORK Response from HTTP Request + byte[] decSamlToken; + try { + decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse")); + } catch (NullPointerException e) { + if (request.getRemoteHost().contains("129.27.142")) { + Logger.warn("Availability check by " + request.getRemoteHost() + " on URI: " + request.getRequestURI()); + } else { + Logger.error("Unable to retrieve STORK Request for host: " + request.getRemoteHost() + " and URI: " + request.getRequestURI(), e); + } + throw new MOAIDException("stork.04", null); + } + + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + + STORKAuthnResponse authnResponse = null; + + + // check if valid authn request is contained + try { + authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, request.getRemoteAddr()); + } catch (STORKSAMLEngineException ex) { + Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage()); + } + + STORK2Response.setSTORKAuthnResponseToken(decSamlToken); + + return STORK2Response; + + } else if (request.getParameter("SAMLRequest") != null) { + //extract STORK Response from HTTP Request byte[] decSamlToken; try { 
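Review bot: The result of `engine.validateSTORKAuthnResponse(...)` is thrown away and a `STORKSAMLEngineException` is only logged, so a SAMLResponse that fails signature or schema validation still becomes a `MOASTORKResponse` carrying the raw token and is returned for further processing; validation should be terminal and its result should be what travels, e.g. `throw new MOAIDException(<message key for an invalid response>, null);` in the catch and `STORK2Response.setSTORKAuthnResponse(authnResponse);` next to the token setter. The error text in the new catch, `"Unable to retrieve STORK Request for host: ..."`, was copied from the SAMLRequest branch and should say Response, as should the `//extract STORK Response from HTTP Request` comment that now sits on the SAMLRequest branch. The hard-coded `"129.27.142"` host prefix used to downgrade availability checks belongs in configuration, not in the protocol handler. The method whose body this is starts before the hunk.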
@@ -87,6 +123,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { STORKAuthnRequest authnRequest = null; STORKAttrQueryRequest attrRequest = null; + // check if valid authn request is contained try { authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); @@ -112,6 +149,9 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { STORK2Request.setSTORKAttrRequest(attrRequest); return STORK2Request; + } else { + throw new MOAIDException("stork.14", null); // TODO Specify message + } } public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) { -- cgit v1.2.3
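Review bot: The new fallback throws `MOAIDException("stork.14", null)` with `// TODO Specify message` left behind; if `stork.14` is not yet defined in the message resources the user gets a raw key, so either add the entry in this commit or reuse an existing key and drop the TODO. A one-line comment such as `// neither SAMLRequest nor SAMLResponse present` on the `else` would also say what the branch rejects. The method this closes starts before the hunk.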