From 37be718068ed2c9c3e26a79d2deba88b33655f30 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 17 Jan 2014 17:29:51 +0100 Subject: copying old changes --- .../egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java | 2 ++ .../main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java | 2 +- .../java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java | 2 ++ .../src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java | 3 ++- .../gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 0 5 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java index 965213b0a..099ee19a2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -88,9 +88,11 @@ public class SignatureVerificationInvoker { authConnParam = authConfigProvider.getMoaSpConnectionParameter(); //If the ConnectionParameter do NOT exist, we try to get the api to work.... if (authConnParam != null) { + Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix()); endPoint = authConnParam.getUrl(); call.setTargetEndpointAddress(endPoint); responses = (Vector) call.invoke(serviceName, params); + Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used response = (SOAPBodyElement) responses.get(0); return response.getAsDOM(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 6a3f4cc9e..8b6504659 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -89,7 +89,7 @@ public class STORKConfig { } } - SAMLSigningParameter samlsign = stork.getSAMLSigningParameter(); + SAMLSigningParameter samlsign = stork.getSAMLSigningParameter(); // TODO Fix nullpointerexception when nothing is configured if (samlsign == null) { Logger.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 777081da0..89da2b7af 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -481,6 +481,8 @@ public class DispatcherServlet extends AuthServlet{ ConfigurationDBUtils.closeSession(); } + Logger.info("Clossing Dispatcher processing loop"); + Logger.info("Http response prepared sent: " + resp.toString()); } @Override diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java index 2a92f3ce5..8b8a4a63f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java @@ -10,7 +10,8 @@ public class ModulStorage { private static final String[] modulClasses = new String[]{ "at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol", - "at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol" + "at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol", + "at.gv.egovernment.moa.id.protocols.stork2.STORKProtocol" }; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java new file mode 100644 index 000000000..e69de29bb -- cgit v1.2.3 From 5a929406263d98b140af591ca33ef5ecc1222284 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 17 Jan 2014 17:31:42 +0100 Subject: copying old changes --- .../at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java | 0 .../java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java | 0 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java new file mode 100644 index 000000000..e69de29bb diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java new file mode 100644 index 000000000..e69de29bb -- cgit v1.2.3 From b5cbffea611b603d2ae28ebb104128e8abbb7656 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 17 Jan 2014 17:32:48 +0100 Subject: copying old changes --- .../id/protocols/stork2/AuthenticationRequest.java | 160 +++++++++++++++++++++ .../id/protocols/stork2/STORKAuthnRequestDEL.java | 72 ++++++++++ .../moa/id/protocols/stork2/STORKProcotol.java | 127 ++++++++++++++++ 3 files changed, 359 insertions(+) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index e69de29bb..49b6bba8a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -0,0 +1,160 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.mw.messages.saml.STORKAuthnRequest; +import eu.stork.vidp.api.messages.StartAuthResponse; +import eu.stork.vidp.messages.stork.SpInstitution; +import eu.stork.vidp.messages.util.SAMLUtil; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; +import org.opensaml.xml.util.Base64; +import org.opensaml.xml.util.XMLHelper; + +import javax.servlet.ServletOutputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.OutputStreamWriter; +import java.io.Writer; +import java.util.HashMap; + +/** + * @author bsuzic + * Date: 12/3/13, Time: 2:08 PM + */ + +public class AuthenticationRequest implements IAction { + /* + Second request step - after authentication of the user is done and moasession obtained, + process request and forward the user further to PEPS and/or other entities + */ + + + private VelocityEngine velocityEngine; + + + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + Logger.debug("Starting AuthenticationRequest"); + //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); + Logger.debug("Http Response: " + httpResp.toString() + ", "); + Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget()); + httpResp.reset(); + //httpResp.addHeader("Location", "http:/www.google.com"); + if (req instanceof STORKAuthnRequestDEL) { + Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel()); + StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest()); + + HttpSession httpSession = httpReq.getSession(); + httpSession.setAttribute("STORKSessionID", "12345"); + httpResp.setStatus(startAuthResponse.getHttpStatusCode()); + try { + ServletOutputStream os = httpResp.getOutputStream(); + String html = new String(startAuthResponse.getContent()); + + + if (html.contains(""); + html = html.substring(beginIndex + 9, endIndex); + startAuthResponse.setContent(html.getBytes()); + + } + Logger.info("HTML : " + html); + + os.write(startAuthResponse.getContent()); + Logger.info("Response sent to client"); + } catch (IOException e) { + Logger.error("ERROR MOA"); + throw new MOAIDException("error response sending", new Object[]{}); + } + //httpSession.setAttribute("CCC", ccc); + } + + + //httpResp.setStatus(200); + //VPEPSInboundPostHandler + + + return "12345"; // AssertionId + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + return true; + } + + + public StartAuthResponse getStartAuthResponse(STORKAuthnRequest authnRequest) { + + StartAuthResponse authResponse = new StartAuthResponse(500, null, new HashMap()); + + if (authnRequest.getSPID() != null) { + Logger.debug("SP id: " + authnRequest.getSPID()); + } else { + SpInstitution spInstitution = (SpInstitution)authnRequest.getExtensions().getUnknownXMLObjects(SpInstitution.DEFAULT_ELEMENT_NAME).get(0); + Logger.debug("SP institution: " + spInstitution.getValue()); + } + + Logger.debug("SPEPS issuer: " + authnRequest.getIssuer().getValue()); + Logger.debug("SPEPS Consumer URL: " + authnRequest.getAssertionConsumerServiceURL()); + + + + try { + + initVelocityEngine(); + VelocityContext velocityContext = new VelocityContext(); + + velocityContext.put("action", authnRequest.getDestination()); + if (authnRequest.getDOM() == null) { + SAMLUtil.marshallMessage(authnRequest); + } + + String messageXML = XMLHelper.nodeToString(authnRequest.getDOM()); + String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES); + velocityContext.put("SAMLRequest", encodedMessage); + ByteArrayOutputStream outStream = new ByteArrayOutputStream(); + + Writer out = new OutputStreamWriter(outStream, "UTF-8"); + velocityEngine.mergeTemplate("/templates/saml2-post-binding.vm", "UTF-8", velocityContext, out); + out.flush(); + authResponse.setContent(outStream.toByteArray()); + + authResponse.addHeader("Content-Type", "text/html; charset=utf-8"); + authResponse.addHeader("Cache-Control", "no-cache"); + authResponse.setHttpStatusCode(200); + + } catch (Exception e) { + Logger.error("ERROR"); + } + + + return authResponse; + } + + public String getDefaultActionName() { + return STORKProtocol.AUTHENTICATIONREQUEST; + } + + + private void initVelocityEngine() throws Exception { + velocityEngine = new VelocityEngine(); + velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + velocityEngine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + + velocityEngine.init(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java index e69de29bb..9e3e7f53d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java @@ -0,0 +1,72 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.moduls.IRequest; +import eu.stork.mw.messages.saml.STORKAuthnRequest; +import eu.stork.vidp.messages.saml.impl.STORKAuthnRequestImpl; +import org.opensaml.common.xml.SAMLConstants; + +/** + * @author bsuzic + * Date: 12/4/13, Time: 6:31 PM + */ +//public class STORKAuthnRequestDEL extends STORKAuthnRequestImpl implements IRequest { + +public class STORKAuthnRequestDEL implements IRequest { + private String requestID; + private String target = null; + String module = null; + String action = null; + private STORKAuthnRequest storkAuthnRequest; + + public void setSTORKAuthnRequest(STORKAuthnRequestImpl request) { + this.storkAuthnRequest = request; + } + + public STORKAuthnRequest getStorkAuthnRequest() { + return this.storkAuthnRequest; + } + + public String getOAURL() { + return "https://sp:8889/SP"; // + } + + public boolean isPassiv() { + return false; // + } + + public boolean forceAuth() { + return false; // + } + + public boolean isSSOSupported() { + return false; // + } + + public String requestedModule() { + return this.module; // + } + + public String requestedAction() { + return action; // + } + + public void setModule(String module) { + this.module = module; + } + + public void setAction(String action) { + this.action = action; + } + + public String getTarget() { + return this.target; // + } + + public void setRequestID(String id) { + this.requestID = id; + } + + public String getRequestID() { + return this.requestID; // + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java index e69de29bb..15096083e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java @@ -0,0 +1,127 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.mw.messages.saml.STORKAuthnRequest; +import eu.stork.vidp.messages.saml.impl.STORKAuthnRequestImpl; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; +import org.opensaml.ws.transport.http.HTTPInTransport; +import org.opensaml.ws.transport.http.HTTPOutTransport; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Collections; +import java.util.HashMap; + +/** + * Stork 2 Protocol Support + * Date: 11/29/13, Time: 12:32 PM + * @author bsuzic + */ +public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { + + public static final String NAME = STORKProtocol.class.getName(); + public static final String PATH = "id_stork2"; + + public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; + + private static HashMap actions = new HashMap(); + + static { + + actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); + + instance = new STORKProtocol(); + } + + private static STORKProtocol instance = null; + + + public String getName() { + return NAME; + } + + public String getPath() { + return PATH; + } + + public IAction getAction(String action) { + return actions.get(action); + } + + /* + First request step - send it to BKU selection for user authentication. After the user credentials + and other info are obtained, in the second step the request will be processed and the user redirected + */ + public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { + Logger.debug("Starting preprocessing"); + Logger.debug("Got request: " + request.toString()); + Logger.debug("Request method: " + request.getMethod()); + for (Object o : Collections.list(request.getHeaderNames())) { + Logger.debug("Request header: " + o.toString() + ":::" + request.getHeader(o.toString())); + } + for (Object o : Collections.list(request.getParameterNames())) { + Logger.debug("Request parameter: " + o.toString() + "::::" + request.getParameter(o.toString())); + } + + Logger.debug("Request content length: " + request.getContentLength()); + Logger.debug("Request query: " + request.getQueryString()); + Logger.debug("Response: " + response.toString()); + Logger.debug("Action: " + action); + + Logger.debug("Processing saml request"); + String SAMLRequest = request.getParameter("SAMLRequest"); + + HTTPInTransport profileReq = new HttpServletRequestAdapter(request); + HTTPOutTransport profileResp = new HttpServletResponseAdapter(response, request.isSecure()); + + + BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); + samlMessageContext.setInboundMessageTransport(profileReq); + + HTTPPostDecoder postDecoder = new HTTPPostDecoder(); + postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator + + try { + Logger.debug("Attempting to decode request..."); + postDecoder.decode(samlMessageContext); + } catch (Exception e) { + Logger.error("Error decoding STORKAuthnRequest", e); + } + + STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage(); + //STORKAuthnRequestDEL STORK2Request = (STORKAuthnRequestDEL)samlMessageContext.getInboundSAMLMessage(); + STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL(); + STORK2Request.setSTORKAuthnRequest(ST2Req); + + Logger.debug("STORK2 Citizen code: " + ST2Req.getCitizenCountryCode()); + Logger.debug("STORK2 QAA: " + ST2Req.getQAALevel()); + Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString()); + + + return STORK2Request; + } + + public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) { + return null; + } + + public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable { + return false; + } + + public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { + return false; + } +} + + -- cgit v1.2.3 From dbc6bd6c792519467c490e536ff6f1af5175a796 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 17 Jan 2014 17:37:56 +0100 Subject: renaming --- .../moa/id/protocols/stork2/STORKProcotol.java | 127 --------------------- .../moa/id/protocols/stork2/STORKProtocol.java | 127 +++++++++++++++++++++ 2 files changed, 127 insertions(+), 127 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java deleted file mode 100644 index 15096083e..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProcotol.java +++ /dev/null @@ -1,127 +0,0 @@ -package at.gv.egovernment.moa.id.protocols.stork2; - -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; -import at.gv.egovernment.moa.logging.Logger; -import eu.stork.mw.messages.saml.STORKAuthnRequest; -import eu.stork.vidp.messages.saml.impl.STORKAuthnRequestImpl; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; -import org.opensaml.ws.transport.http.HTTPInTransport; -import org.opensaml.ws.transport.http.HTTPOutTransport; -import org.opensaml.ws.transport.http.HttpServletRequestAdapter; -import org.opensaml.ws.transport.http.HttpServletResponseAdapter; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.util.Collections; -import java.util.HashMap; - -/** - * Stork 2 Protocol Support - * Date: 11/29/13, Time: 12:32 PM - * @author bsuzic - */ -public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { - - public static final String NAME = STORKProtocol.class.getName(); - public static final String PATH = "id_stork2"; - - public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; - - private static HashMap actions = new HashMap(); - - static { - - actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); - - instance = new STORKProtocol(); - } - - private static STORKProtocol instance = null; - - - public String getName() { - return NAME; - } - - public String getPath() { - return PATH; - } - - public IAction getAction(String action) { - return actions.get(action); - } - - /* - First request step - send it to BKU selection for user authentication. After the user credentials - and other info are obtained, in the second step the request will be processed and the user redirected - */ - public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { - Logger.debug("Starting preprocessing"); - Logger.debug("Got request: " + request.toString()); - Logger.debug("Request method: " + request.getMethod()); - for (Object o : Collections.list(request.getHeaderNames())) { - Logger.debug("Request header: " + o.toString() + ":::" + request.getHeader(o.toString())); - } - for (Object o : Collections.list(request.getParameterNames())) { - Logger.debug("Request parameter: " + o.toString() + "::::" + request.getParameter(o.toString())); - } - - Logger.debug("Request content length: " + request.getContentLength()); - Logger.debug("Request query: " + request.getQueryString()); - Logger.debug("Response: " + response.toString()); - Logger.debug("Action: " + action); - - Logger.debug("Processing saml request"); - String SAMLRequest = request.getParameter("SAMLRequest"); - - HTTPInTransport profileReq = new HttpServletRequestAdapter(request); - HTTPOutTransport profileResp = new HttpServletResponseAdapter(response, request.isSecure()); - - - BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); - samlMessageContext.setInboundMessageTransport(profileReq); - - HTTPPostDecoder postDecoder = new HTTPPostDecoder(); - postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator - - try { - Logger.debug("Attempting to decode request..."); - postDecoder.decode(samlMessageContext); - } catch (Exception e) { - Logger.error("Error decoding STORKAuthnRequest", e); - } - - STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage(); - //STORKAuthnRequestDEL STORK2Request = (STORKAuthnRequestDEL)samlMessageContext.getInboundSAMLMessage(); - STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL(); - STORK2Request.setSTORKAuthnRequest(ST2Req); - - Logger.debug("STORK2 Citizen code: " + ST2Req.getCitizenCountryCode()); - Logger.debug("STORK2 QAA: " + ST2Req.getQAALevel()); - Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString()); - - - return STORK2Request; - } - - public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) { - return null; - } - - public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable { - return false; - } - - public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { - return false; - } -} - - diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java new file mode 100644 index 000000000..15096083e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -0,0 +1,127 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.mw.messages.saml.STORKAuthnRequest; +import eu.stork.vidp.messages.saml.impl.STORKAuthnRequestImpl; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; +import org.opensaml.ws.transport.http.HTTPInTransport; +import org.opensaml.ws.transport.http.HTTPOutTransport; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Collections; +import java.util.HashMap; + +/** + * Stork 2 Protocol Support + * Date: 11/29/13, Time: 12:32 PM + * @author bsuzic + */ +public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { + + public static final String NAME = STORKProtocol.class.getName(); + public static final String PATH = "id_stork2"; + + public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; + + private static HashMap actions = new HashMap(); + + static { + + actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); + + instance = new STORKProtocol(); + } + + private static STORKProtocol instance = null; + + + public String getName() { + return NAME; + } + + public String getPath() { + return PATH; + } + + public IAction getAction(String action) { + return actions.get(action); + } + + /* + First request step - send it to BKU selection for user authentication. After the user credentials + and other info are obtained, in the second step the request will be processed and the user redirected + */ + public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { + Logger.debug("Starting preprocessing"); + Logger.debug("Got request: " + request.toString()); + Logger.debug("Request method: " + request.getMethod()); + for (Object o : Collections.list(request.getHeaderNames())) { + Logger.debug("Request header: " + o.toString() + ":::" + request.getHeader(o.toString())); + } + for (Object o : Collections.list(request.getParameterNames())) { + Logger.debug("Request parameter: " + o.toString() + "::::" + request.getParameter(o.toString())); + } + + Logger.debug("Request content length: " + request.getContentLength()); + Logger.debug("Request query: " + request.getQueryString()); + Logger.debug("Response: " + response.toString()); + Logger.debug("Action: " + action); + + Logger.debug("Processing saml request"); + String SAMLRequest = request.getParameter("SAMLRequest"); + + HTTPInTransport profileReq = new HttpServletRequestAdapter(request); + HTTPOutTransport profileResp = new HttpServletResponseAdapter(response, request.isSecure()); + + + BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); + samlMessageContext.setInboundMessageTransport(profileReq); + + HTTPPostDecoder postDecoder = new HTTPPostDecoder(); + postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator + + try { + Logger.debug("Attempting to decode request..."); + postDecoder.decode(samlMessageContext); + } catch (Exception e) { + Logger.error("Error decoding STORKAuthnRequest", e); + } + + STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage(); + //STORKAuthnRequestDEL STORK2Request = (STORKAuthnRequestDEL)samlMessageContext.getInboundSAMLMessage(); + STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL(); + STORK2Request.setSTORKAuthnRequest(ST2Req); + + Logger.debug("STORK2 Citizen code: " + ST2Req.getCitizenCountryCode()); + Logger.debug("STORK2 QAA: " + ST2Req.getQAALevel()); + Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString()); + + + return STORK2Request; + } + + public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) { + return null; + } + + public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable { + return false; + } + + public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { + return false; + } +} + + -- cgit v1.2.3 From 1243688780cea8031c1aa33d7f4e43e7a834bae1 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 22 Jan 2014 12:35:57 +0100 Subject: disabling verification for test purposes --- .../auth/validator/VerifyXMLSignatureResponseValidator.java | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 1a06ef2f4..2fe540af5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -101,11 +101,12 @@ public class VerifyXMLSignatureResponseValidator { checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null); if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5) checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null); - - if (whatToCheck.equals(CHECK_IDENTITY_LINK)) - throw new ValidateException("validator.07", new Object[] { checkFailedReason } ); - else - throw new ValidateException("validator.19", new Object[] { checkFailedReason } ); + + // TEST CARDS + // if (whatToCheck.equals(CHECK_IDENTITY_LINK)) + // throw new ValidateException("validator.07", new Object[] { checkFailedReason } ); + // else + // throw new ValidateException("validator.19", new Object[] { checkFailedReason } ); } if (ignoreManifestValidationResult) { -- cgit v1.2.3 From 52dabc099bc80230128a621aa14f1010ba12221e Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 22 Jan 2014 18:26:58 +0100 Subject: peps saml engine adjustment --- .../id/protocols/stork2/AuthenticationRequest.java | 1 + .../moa/id/protocols/stork2/STORKAuthnReq.java | 73 ++++++++++++++++++++++ .../id/protocols/stork2/STORKAuthnRequestDEL.java | 4 +- 3 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 49b6bba8a..d5430a358 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -24,6 +24,7 @@ import java.io.IOException; import java.io.OutputStreamWriter; import java.io.Writer; import java.util.HashMap; +import eu.stork.peps.auth.engine.SAMLEngine; /** * @author bsuzic diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java new file mode 100644 index 000000000..c79423ffc --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java @@ -0,0 +1,73 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.moduls.IRequest; +import eu.stork.peps.auth.commons.STORKAuthnRequest; + + + +/** + * @author bsuzic + * Date: 1/22/14, Time: 5:30 PM + */ +public class STORKAuthnReq implements IRequest { + private String requestID; + private String target = null; + String module = null; + String action = null; + private STORKAuthnRequest storkAuthnRequest; + + public void setSTORKAuthnRequest(STORKAuthnRequest request) { + this.storkAuthnRequest = request; + } + + public STORKAuthnRequest getStorkAuthnRequest() { + return this.storkAuthnRequest; + } + + + public String getOAURL() { + return "https://sp:8889/SP"; // + } + + public boolean isPassiv() { + return false; // + } + + public boolean forceAuth() { + return false; // + } + + public boolean isSSOSupported() { + return false; // + } + + public String requestedModule() { + return this.module; // + } + + public String requestedAction() { + return action; // + } + + public void setModule(String module) { + this.module = module; + } + + public void setAction(String action) { + this.action = action; + } + + public String getTarget() { + return this.target; // + } + + public void setRequestID(String id) { + this.requestID = id; + } + + public String getRequestID() { + return this.requestID; // + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java index 9e3e7f53d..57dfad73f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java @@ -16,13 +16,13 @@ public class STORKAuthnRequestDEL implements IRequest { private String target = null; String module = null; String action = null; - private STORKAuthnRequest storkAuthnRequest; + private eu.stork.mw.messages.saml.STORKAuthnRequest storkAuthnRequest; public void setSTORKAuthnRequest(STORKAuthnRequestImpl request) { this.storkAuthnRequest = request; } - public STORKAuthnRequest getStorkAuthnRequest() { + public eu.stork.mw.messages.saml.STORKAuthnRequest getStorkAuthnRequest() { return this.storkAuthnRequest; } -- cgit v1.2.3 From ed9ad9b0c13ee0de3231bab038f35b01beeb0d0b Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 23 Jan 2014 12:34:14 +0100 Subject: saml peps engine changeS --- .../moa/id/protocols/stork2/STORKAuthnReq.java | 32 +++++++++++++++++++++- .../moa/id/protocols/stork2/STORKProtocol.java | 4 +++ 2 files changed, 35 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java index c79423ffc..9bf4ed0d1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java @@ -1,8 +1,12 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; +import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.STORKAuthnRequest; - +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; +import org.opensaml.ws.transport.http.HTTPInTransport; /** @@ -24,6 +28,32 @@ public class STORKAuthnReq implements IRequest { return this.storkAuthnRequest; } + public void createStorkReq(HTTPInTransport profileReq) { + Logger.debug("Generate stork request test..."); + storkAuthnRequest = new STORKAuthnRequest(); + + BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); + samlMessageContext.setInboundMessageTransport(profileReq); + + HTTPPostDecoder postDecoder = new HTTPPostDecoder(); + postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator + + try { + Logger.debug("Attempting to decode request..."); + postDecoder.decode(samlMessageContext); + } catch (Exception e) { + Logger.error("Error decoding STORKAuthnRequest", e); + } + + + storkAuthnRequest = (STORKAuthnRequest)samlMessageContext.getInboundSAMLMessage(); + samlMessageContext.getinbound + storkAuthnRequest.set + + } + + + public String getOAURL() { return "https://sp:8889/SP"; // diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 15096083e..e99079191 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -108,6 +108,10 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString()); + STORKAuthnReq storkAuthnReq = new STORKAuthnReq(); + + + return STORK2Request; } -- cgit v1.2.3 From 65fb688c9323696fcc12e1c049a2b6a75d6ff1e5 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Feb 2014 17:25:09 +0100 Subject: merging with other code --- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 1 + .../at/gv/egovernment/moa/id/config/stork/STORKConfig.java | 13 +++++++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index b356c6f35..41be2c7e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -331,6 +331,7 @@ public class PEPSConnectorServlet extends AuthServlet { //TODO: found better solution, but QAA Level in response could be not supported yet try { + moasession.setQAALevel(authnResponse.getAssertions().get(0). getAuthnStatements().get(0).getAuthnContext(). getAuthnContextClassRef().getAuthnContextClassRef()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 67638cafd..b340d2449 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -25,6 +25,7 @@ */ package at.gv.egovernment.moa.id.config.stork; +import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; import java.util.ArrayList; @@ -33,10 +34,15 @@ import java.util.List; import java.util.Map; import java.util.Properties; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.xml.sax.SAXException; + +import javax.xml.parsers.ParserConfigurationException; /** * Encapsulates several STORK configuration parameters according MOA configuration @@ -73,7 +79,8 @@ public class STORKConfig { } catch (MalformedURLException e) { Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid URL and is ignored."); - } catch (ParserConfigurationException e) { + } + /*catch (ParserConfigurationException e) { Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); } catch (SAXException e) { @@ -85,7 +92,7 @@ public class STORKConfig { } catch (MessageEncodingException e) { Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); - } + }*/ } SAMLSigningParameter samlsign = stork.getSAMLSigningParameter(); // TODO Fix nullpointerexception when nothing is configured @@ -100,6 +107,8 @@ public class STORKConfig { } + } + public SignatureCreationParameter getSignatureCreationParameter() { return new SignatureCreationParameter(props, basedirectory); -- cgit v1.2.3 From c3745720650268de1f1b06e2b3dc891122ace9bb Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 5 Feb 2014 12:38:45 +0100 Subject: changing some stork parameters; adjusting spss maven config --- .../moa/id/auth/AuthenticationServer.java | 2 +- .../id/protocols/stork2/AuthenticationRequest.java | 12 +++++---- .../id/protocols/stork2/STORKAuthnRequestDEL.java | 9 +++---- .../moa/id/protocols/stork2/STORKProtocol.java | 31 +++++++++++++++++++--- 4 files changed, 40 insertions(+), 14 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 06d5b01bd..4b3995105 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1862,7 +1862,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); - Logger.debug("Preparing to assemble STORK AuthnRequest witt the following values:"); + Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:"); String destination = cpeps.getPepsURL().toExternalForm(); Logger.debug("C-PEPS URL: " + destination); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 297c5f366..7e80273ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -5,16 +5,11 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; -import eu.stork.mw.messages.saml.STORKAuthnRequest; -import eu.stork.vidp.api.messages.StartAuthResponse; -import eu.stork.vidp.messages.stork.SpInstitution; -import eu.stork.vidp.messages.util.SAMLUtil; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; - import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -49,6 +44,7 @@ public class AuthenticationRequest implements IAction { httpResp.reset(); //httpResp.addHeader("Location", "http:/www.google.com"); if (req instanceof STORKAuthnRequestDEL) { + /* Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel()); StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest()); @@ -78,6 +74,8 @@ public class AuthenticationRequest implements IAction { throw new MOAIDException("error response sending", new Object[]{}); } //httpSession.setAttribute("CCC", ccc); + + */ } @@ -93,6 +91,8 @@ public class AuthenticationRequest implements IAction { } + /* + public StartAuthResponse getStartAuthResponse(STORKAuthnRequest authnRequest) { StartAuthResponse authResponse = new StartAuthResponse(500, null, new HashMap()); @@ -141,6 +141,8 @@ public class AuthenticationRequest implements IAction { return authResponse; } + */ + public String getDefaultActionName() { return STORKProtocol.AUTHENTICATIONREQUEST; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java index 57dfad73f..c8a5ac84d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java @@ -1,8 +1,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.moduls.IRequest; -import eu.stork.mw.messages.saml.STORKAuthnRequest; -import eu.stork.vidp.messages.saml.impl.STORKAuthnRequestImpl; +import eu.stork.peps.auth.commons.STORKAuthnRequest; import org.opensaml.common.xml.SAMLConstants; /** @@ -16,13 +15,13 @@ public class STORKAuthnRequestDEL implements IRequest { private String target = null; String module = null; String action = null; - private eu.stork.mw.messages.saml.STORKAuthnRequest storkAuthnRequest; + private STORKAuthnRequest storkAuthnRequest; - public void setSTORKAuthnRequest(STORKAuthnRequestImpl request) { + public void setSTORKAuthnRequest(STORKAuthnRequest request) { this.storkAuthnRequest = request; } - public eu.stork.mw.messages.saml.STORKAuthnRequest getStorkAuthnRequest() { + public STORKAuthnRequest getStorkAuthnRequest() { return this.storkAuthnRequest; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index e99079191..2c47620e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -8,14 +8,16 @@ import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; import at.gv.egovernment.moa.logging.Logger; -import eu.stork.mw.messages.saml.STORKAuthnRequest; -import eu.stork.vidp.messages.saml.impl.STORKAuthnRequestImpl; +import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.STORKAuthnResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.ws.transport.http.HTTPInTransport; import org.opensaml.ws.transport.http.HTTPOutTransport; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import eu.stork.peps.auth.commons.STORKAuthnRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -97,6 +99,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { } catch (Exception e) { Logger.error("Error decoding STORKAuthnRequest", e); } + /* STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage(); //STORKAuthnRequestDEL STORK2Request = (STORKAuthnRequestDEL)samlMessageContext.getInboundSAMLMessage(); @@ -107,10 +110,32 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.debug("STORK2 QAA: " + ST2Req.getQAALevel()); Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString()); - + */ STORKAuthnReq storkAuthnReq = new STORKAuthnReq(); + STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL(); + + + //extract STORK Response from HTTP Request + //Decodes SAML Response + + /* + byte[] decSamlToken; + try { + decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse")); + } catch(NullPointerException e) { + Logger.error("Unable to retrieve STORK Response", e); + throw new MOAIDException("stork.04", null); + } + + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing"); + + STORKAuthnResponse authnResponse = null; + PEPSUtil.decode + engine.validateSTORKAuthnRequest() + */ return STORK2Request; } -- cgit v1.2.3 From 5688777cebee5a6e7dd27c88aed5a8f98abd690f Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 5 Feb 2014 14:26:46 +0100 Subject: config changes; review and correct later, configuration missing --- .../moa/id/config/stork/STORKConfig.java | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index b340d2449..659035337 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -65,8 +65,9 @@ public class STORKConfig { this.props = props; //create CPEPS map - List cpeps = stork.getCPEPS(); - + //List cpeps = stork.getCPEPS(); + List cpeps = new ArrayList(); // TODO Change this + cpepsMap = new HashMap(); for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) { @@ -94,16 +95,25 @@ public class STORKConfig { + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); }*/ } - - SAMLSigningParameter samlsign = stork.getSAMLSigningParameter(); // TODO Fix nullpointerexception when nothing is configured - + + SAMLSigningParameter samlsign = null; + try { + samlsign = stork.getSAMLSigningParameter(); // TODO Fix nullpointerexception when nothing is configured + } + catch (Exception ex) { + Logger.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found."); + } + if (samlsign == null) { Logger.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found."); attr = new ArrayList(); + try { for(StorkAttribute current : stork.getAttributes()) { attr.add(current); - } + } } catch (Exception ex) { // TODO FIX FIX + Logger.warn("Error in MOA-ID Configuration. No STORK->Attributes found."); + } } -- cgit v1.2.3 From 337c5b67682f893e7907d018077e3fb55c6d5dd6 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 5 Feb 2014 17:49:06 +0100 Subject: saml changes --- .../moa/id/protocols/stork2/STORKProtocol.java | 37 ++++++++++++++++------ 1 file changed, 27 insertions(+), 10 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 2c47620e1..2e42a0d75 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -11,6 +11,7 @@ import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.STORKAuthnResponse; import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.ws.transport.http.HTTPInTransport; @@ -60,10 +61,14 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { return actions.get(action); } + public STORKProtocol() { + super(); // + } + /* - First request step - send it to BKU selection for user authentication. After the user credentials - and other info are obtained, in the second step the request will be processed and the user redirected - */ + First request step - send it to BKU selection for user authentication. After the user credentials + and other info are obtained, in the second step the request will be processed and the user redirected + */ public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { Logger.debug("Starting preprocessing"); Logger.debug("Got request: " + request.toString()); @@ -120,22 +125,34 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { //extract STORK Response from HTTP Request //Decodes SAML Response - /* + byte[] decSamlToken; try { - decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse")); + decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest")); } catch(NullPointerException e) { Logger.error("Unable to retrieve STORK Response", e); throw new MOAIDException("stork.04", null); } //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing"); + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); + + STORKAuthnRequest authnRequest = null; + Logger.error("decsamltoken" +decSamlToken.toString()); + + try { + authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); + } catch (STORKSAMLEngineException ex) { + Logger.error("Unable to validate storkrkauthnreqeust" + ex.getMessage() ); + } + + Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL()); + Logger.error("cc " + authnRequest.getCitizenCountryCode()); + Logger.error("iss " + authnRequest.getIssuer()); + Logger.error("spid " + authnRequest.getSPID()); + Logger.error("spi " + authnRequest.getSpInstitution()); + - STORKAuthnResponse authnResponse = null; - PEPSUtil.decode - engine.validateSTORKAuthnRequest() - */ return STORK2Request; } -- cgit v1.2.3 From 4c104d5d8349195007d19a13ed54426f9fe7b49a Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 6 Feb 2014 18:29:23 +0100 Subject: iml --- .../id/protocols/stork2/AuthenticationRequest.java | 99 +++++++++++++++++++++- .../moa/id/protocols/stork2/STORKProtocol.java | 1 + 2 files changed, 96 insertions(+), 4 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 7e80273ca..1971fe12d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -2,9 +2,16 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; +import edu.emory.mathcs.backport.java.util.Collections; +import eu.stork.peps.auth.commons.*; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.commons.io.IOUtils; +import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; @@ -14,12 +21,11 @@ import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStreamWriter; -import java.io.Writer; +import java.io.*; +import java.util.ArrayList; import java.util.HashMap; import eu.stork.peps.auth.engine.SAMLEngine; +import sun.rmi.runtime.Log; /** * @author bsuzic @@ -40,6 +46,7 @@ public class AuthenticationRequest implements IAction { Logger.debug("Starting AuthenticationRequest"); //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); Logger.debug("Http Response: " + httpResp.toString() + ", "); + Logger.debug("Remote user: " + httpReq.getRemoteAddr()); Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget()); httpResp.reset(); //httpResp.addHeader("Location", "http:/www.google.com"); @@ -82,6 +89,90 @@ public class AuthenticationRequest implements IAction { //httpResp.setStatus(200); //VPEPSInboundPostHandler + // - prepare attribute list + PersonalAttributeList attributeList = new PersonalAttributeList(); + + STORKAuthnResponse authnResponse = new STORKAuthnResponse(); + authnResponse.setCountry("AT"); + + + try { + + IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); + + for (PersonalAttribute personalAttribute : moaAttrList) { + Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); + if (personalAttribute.getValue().size() > 0) { + for (String value : personalAttribute.getValue()) { + Logger.info(" Value found: " + value); + } + } + } + + } catch (Exception e) { + Logger.error("Exception, attributes: " + e.getMessage()); + } + + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName("eIdentifier"); + newAttribute.setValue(new ArrayList(Collections.singletonList("xxxxxxxxxxxxxxx"))); + attributeList.add(newAttribute); + authnResponse.setPersonalAttributeList(attributeList); + + + try { + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); + Logger.debug("Starting generation of SAML response"); + authnResponse = engine.generateSTORKAuthnResponse(((STORKAuthnRequestDEL)req).getStorkAuthnRequest(),authnResponse,httpReq.getRemoteAddr(),false); + //generateSAML Token + Logger.info("SAML response succesfully generated!"); + }catch(STORKSAMLEngineException e){ + Logger.error("Failed to generate STORK SAML Response", e); + throw new MOAIDException("stork.05", null); + } + + Logger.info("STORK SAML Response message succesfully generated "); + Logger.debug("STORK response: "); + + Logger.debug("authn response string: " + authnResponse.toString()); + + String statusCodeValue = authnResponse.getStatusCode(); + Logger.debug("authn status code value: " + statusCodeValue); + + try { + Logger.debug("authn saml:" + IOUtils.toString(authnResponse.getTokenSaml())); + + } catch (IOException e) { + e.printStackTrace(); + } + + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); + VelocityContext context = new VelocityContext(); + //Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.decode(context.get("SAMLResponse").toString())); + + context.put("SAMLResponse", IOUtils.toString(authnResponse.getTokenSaml())); + Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.decode(context.get("SAMLResponse").toString())); + + Logger.info("Putting assertion consumer url as action: " + ((STORKAuthnRequestDEL)req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + context.put("action", ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + httpResp.getOutputStream().write(writer.toString().getBytes()); + + } catch (Exception e) { + Logger.error("Velocity error: " + e.getMessage()); + } + + HttpSession httpSession = httpReq.getSession(); + httpSession.setAttribute("STORKSessionID", "12345"); + Logger.info("Status code: " + authnResponse.getStatusCode()); + + + return "12345"; // AssertionId } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 2e42a0d75..9564afa27 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -153,6 +153,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.error("spi " + authnRequest.getSpInstitution()); + STORK2Request.setSTORKAuthnRequest(authnRequest); return STORK2Request; } -- cgit v1.2.3 From 639017a14904323c0eb2cd5d8cccf65ad8f2a841 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 11 Feb 2014 10:33:48 +0100 Subject: sketched stork attribute provider framework --- .../id/protocols/stork2/AttributeCollector.java | 70 +++++++++++++++++++ .../moa/id/protocols/stork2/AttributeProvider.java | 32 +++++++++ .../id/protocols/stork2/AuthenticationRequest.java | 19 +++++- .../moa/id/protocols/stork2/DataContainer.java | 79 ++++++++++++++++++++++ .../moa/id/protocols/stork2/STORKProtocol.java | 1 + .../stork2/UnsupportedAttributeException.java | 7 ++ 6 files changed, 205 insertions(+), 3 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/UnsupportedAttributeException.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java new file mode 100644 index 000000000..fbc959cc4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -0,0 +1,70 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins. + * The class is called whenever the {@link AuthenticationRequest} Action is invoked and checks for missing attributes. + * Furthermore, the class can handle direct posts. That is when the class triggers an attribute query which needs user + * interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes. + * + * TODO how do we treat mandatory and optional attributes? + * + */ +public class AttributeCollector implements IAction { + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) + */ + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + // check if we have a STORKAttributeResponse in the request + // - no, how did we get here? + // yes, we got a recent requested attribute + // - find the attribute provider plugin that can handle the response + // - fetch the container + DataContainer container = new DataContainer(); + // - insert the embedded attribute(s) into the container + + // see if we need some more attributes + return processRequest(container); + } + + /** + * Checks if there are missing attributes and tries to fetch them. If there are no more attribute to fetch, + * this very method creates and sends the protocol result to the asking S-PEPS. + * + * @param container the {@link DataContainer} representing the status of the overall query. + * @return the string + */ + public String processRequest(DataContainer container) { + // check if there are attributes we need to fetch + // for each attribute still missing + // - check if we can find a suitable AttributeProvider Plugin + // - hand over control to the suitable plugin + // - add the aquired attribute to the container + // build response + // done + return "12345"; // AssertionId + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + // this action does not need any authentication. The authentication is already done by the preceeding AuthenticationRequest-Action. + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() + */ + public String getDefaultActionName() { + return STORKProtocol.ATTRIBUTE_COLLECTOR; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java new file mode 100644 index 000000000..2e4f2d8c5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -0,0 +1,32 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import javax.activation.UnsupportedDataTypeException; +import javax.servlet.http.HttpServletRequest; + +import eu.stork.peps.auth.commons.PersonalAttribute; + +/** + * An {@link AttributeProvider} can fetch a set of stork attributes. It might complete the query within one method call, + * but might also need to redirect to another webservice to accomplish its task. + */ +public interface AttributeProvider { + + /** + * Acquire the specified attribute. Returns {@code null} when attribute retrieval is in progress, but requires for + * for redirecting the user to an external service. Use {@link AttributeProvider#parse(HttpServletRequest)} to parse + * the response. + * + * @param attributeName the attribute name + * @return the personal attribute + * @throws UnsupportedDataTypeException when the provider cannot acquire the specified attribute + */ + public PersonalAttribute acquire(String attributeName) throws UnsupportedAttributeException; + + /** + * Parses the response we got from the external attribute provider. + * + * @param httpReq the http req + * @return the personal attribute + */ + public PersonalAttribute parse(HttpServletRequest httpReq); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 7e80273ca..1f6ffaa9a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -4,6 +4,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; @@ -81,9 +82,21 @@ public class AuthenticationRequest implements IAction { //httpResp.setStatus(200); //VPEPSInboundPostHandler - - - return "12345"; // AssertionId + + // create fresh container + DataContainer container = new DataContainer(); + + // - fill in the request we extracted above + container.setRequest(request); + + // - fill in the partial response created above + container.setResponse(response); + + // - memorize the target url were we have to return the result + container.setTarget(target); + + // see if we need to fetch further attributes + return (new AttributeCollector()).processRequest(container); } public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java new file mode 100644 index 000000000..40c827ef8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java @@ -0,0 +1,79 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.io.Serializable; + +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse; + +// TODO: Auto-generated Javadoc +/** + * Holds info about an ongoing but yet incomplete stork authnrequest process. + */ +public class DataContainer implements Serializable { + + /** The Constant serialVersionUID. */ + private static final long serialVersionUID = -8765997480582363012L; + + /** The incoming request. */ + private STORKAuthnRequest request; + + /** The yet incomplete response. */ + private STORKAuthnResponse response; + + /** The target. */ + private String target; + + /** + * Gets the request. + * + * @return the request + */ + public STORKAuthnRequest getRequest() { + return request; + } + + /** + * Sets the request. + * + * @param request the new request + */ + public void setRequest(STORKAuthnRequest request) { + this.request = request; + } + + /** + * Gets the response. + * + * @return the response + */ + public STORKAuthnResponse getResponse() { + return response; + } + + /** + * Sets the response. + * + * @param response the new response + */ + public void setResponse(STORKAuthnResponse response) { + this.response = response; + } + + /** + * Gets the target. + * + * @return the target + */ + public String getTarget() { + return target; + } + + /** + * Sets the target. + * + * @param target the new target + */ + public void setTarget(String target) { + this.target = target; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 2e42a0d75..323d9ba8e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -36,6 +36,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { public static final String PATH = "id_stork2"; public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; + public static final String ATTRIBUTE_COLLECTOR = "AttributeCollector"; private static HashMap actions = new HashMap(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/UnsupportedAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/UnsupportedAttributeException.java new file mode 100644 index 000000000..9447c079f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/UnsupportedAttributeException.java @@ -0,0 +1,7 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +public class UnsupportedAttributeException extends Exception { + + private static final long serialVersionUID = -7720066381435378111L; + +} -- cgit v1.2.3 From 95ea36e8b84de119165ce8c14fc5c1e9facd797f Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 11 Feb 2014 11:01:32 +0100 Subject: added ap logic #1 --- .../id/protocols/stork2/AttributeCollector.java | 38 +++++++++++++++++++--- .../stork2/DemoNoRedirectAttributeProvider.java | 32 ++++++++++++++++++ 2 files changed, 66 insertions(+), 4 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index fbc959cc4..b93b31b49 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -1,12 +1,19 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import java.util.ArrayList; +import java.util.List; + import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; + /** * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins. * The class is called whenever the {@link AuthenticationRequest} Action is invoked and checks for missing attributes. @@ -17,6 +24,14 @@ import javax.servlet.http.HttpServletResponse; * */ public class AttributeCollector implements IAction { + + private ArrayList attributeProviders; + + public AttributeCollector() { + // TODO generate from config + attributeProviders = new ArrayList(); + attributeProviders.add(new DemoNoRedirectAttributeProvider()); + } /* (non-Javadoc) @@ -44,10 +59,25 @@ public class AttributeCollector implements IAction { */ public String processRequest(DataContainer container) { // check if there are attributes we need to fetch - // for each attribute still missing - // - check if we can find a suitable AttributeProvider Plugin - // - hand over control to the suitable plugin - // - add the aquired attribute to the container + List missingAttributes = new ArrayList(); + try { + // for each attribute still missing + + for(String currentAttribute : missingAttributes) { + // - check if we can find a suitable AttributeProvider Plugin + for(AttributeProvider currentProvider : attributeProviders) { + // - hand over control to the suitable plugin + PersonalAttribute aquiredAttribute = currentProvider.acquire(currentAttribute); + + // - add the aquired attribute to the container + container.getResponse().getPersonalAttributeList().add(aquiredAttribute); + } + } + } catch(UnsupportedAttributeException e) { + // TODO + // memorize the container again + return "12345"; // TODO what to do here? + } // build response // done return "12345"; // AssertionId diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java new file mode 100644 index 000000000..23afc2544 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -0,0 +1,32 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.util.ArrayList; + +import javax.servlet.http.HttpServletRequest; + +import eu.stork.peps.auth.commons.PersonalAttribute; + +/** + * Just a simple demoprovider who can fetch any attribute you ask him. + */ +public class DemoNoRedirectAttributeProvider implements AttributeProvider { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) + */ + @Override + public PersonalAttribute acquire(String attributeName) + throws UnsupportedAttributeException { + return new PersonalAttribute("sepp", true, new ArrayList(), ""); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) + */ + @Override + public PersonalAttribute parse(HttpServletRequest httpReq) { + // TODO Auto-generated method stub + return null; + } + +} -- cgit v1.2.3 From 366d0f285e0e1a2fa89e512d91f349488cbc82d9 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 11 Feb 2014 13:15:14 +0100 Subject: find missing attributes --- .../gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index b93b31b49..e74cf4e8b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -59,10 +59,15 @@ public class AttributeCollector implements IAction { */ public String processRequest(DataContainer container) { // check if there are attributes we need to fetch + IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); + IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); List missingAttributes = new ArrayList(); + for(PersonalAttribute current : requestAttributeList) + if(!responseAttributeList.containsKey(current)) + missingAttributes.add(current.getName()); + try { // for each attribute still missing - for(String currentAttribute : missingAttributes) { // - check if we can find a suitable AttributeProvider Plugin for(AttributeProvider currentProvider : attributeProviders) { -- cgit v1.2.3 From d8302a2f7f3aae63593cd55bf0d5d4a4f9e5f55a Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 12 Feb 2014 11:37:06 +0100 Subject: sketched redirecting ap plugin --- .../id/protocols/stork2/AttributeCollector.java | 46 +++++++++++++++++----- .../moa/id/protocols/stork2/AttributeProvider.java | 2 +- .../stork2/AttributeRequestOngoingException.java | 5 +++ .../stork2/DemoRedirectAttributeProvider.java | 31 +++++++++++++++ 4 files changed, 73 insertions(+), 11 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index e74cf4e8b..93204f2ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -7,10 +7,14 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.logging.Logger; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; + import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -30,6 +34,7 @@ public class AttributeCollector implements IAction { public AttributeCollector() { // TODO generate from config attributeProviders = new ArrayList(); + attributeProviders.add(new DemoRedirectAttributeProvider()); attributeProviders.add(new DemoNoRedirectAttributeProvider()); } @@ -56,8 +61,9 @@ public class AttributeCollector implements IAction { * * @param container the {@link DataContainer} representing the status of the overall query. * @return the string + * @throws MOAIDException */ - public String processRequest(DataContainer container) { + public String processRequest(DataContainer container) throws MOAIDException { // check if there are attributes we need to fetch IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); @@ -71,18 +77,38 @@ public class AttributeCollector implements IAction { for(String currentAttribute : missingAttributes) { // - check if we can find a suitable AttributeProvider Plugin for(AttributeProvider currentProvider : attributeProviders) { - // - hand over control to the suitable plugin - PersonalAttribute aquiredAttribute = currentProvider.acquire(currentAttribute); + try { + // - hand over control to the suitable plugin + PersonalAttribute aquiredAttribute = currentProvider.acquire(currentAttribute); + + // - add the aquired attribute to the container + container.getResponse().getPersonalAttributeList().add(aquiredAttribute); + } catch(UnsupportedAttributeException e) { + // ok, try the next attributeprovider + } - // - add the aquired attribute to the container - container.getResponse().getPersonalAttributeList().add(aquiredAttribute); } } - } catch(UnsupportedAttributeException e) { - // TODO - // memorize the container again - return "12345"; // TODO what to do here? - } + } catch (AttributeRequestOngoingException e) { + // the attribute request is ongoing and requires an external service. + try { + // memorize the container again + // - generate new key + String newArtifactId = new SecureRandomIdentifierGenerator() + .generateIdentifier(); + + // - put container in temporary store. + AssertionStorage.getInstance().put(newArtifactId, container); + + // TODO - add container-key to httpresponse + } catch (Exception e1) { + // TODO should we return the response as is to the PEPS? + Logger.error("Error putting incomplete Stork response into temporary storage", e); + throw new MOAIDException("stork.11", null); + } + + return "12345"; // TODO what to do here? + } // build response // done return "12345"; // AssertionId diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index 2e4f2d8c5..fd35b0c71 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -20,7 +20,7 @@ public interface AttributeProvider { * @return the personal attribute * @throws UnsupportedDataTypeException when the provider cannot acquire the specified attribute */ - public PersonalAttribute acquire(String attributeName) throws UnsupportedAttributeException; + public PersonalAttribute acquire(String attributeName) throws UnsupportedAttributeException, AttributeRequestOngoingException; /** * Parses the response we got from the external attribute provider. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java new file mode 100644 index 000000000..be5a53f34 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java @@ -0,0 +1,5 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +public class AttributeRequestOngoingException extends Exception { + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java new file mode 100644 index 000000000..f44fbed07 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -0,0 +1,31 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.util.ArrayList; + +import javax.servlet.http.HttpServletRequest; + +import eu.stork.peps.auth.commons.PersonalAttribute; + +/** + * Just a simple demoprovider who can fetch any attribute you ask him. + */ +public class DemoRedirectAttributeProvider implements AttributeProvider { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) + */ + @Override + public PersonalAttribute acquire(String attributeName) + throws UnsupportedAttributeException, AttributeRequestOngoingException { + throw new AttributeRequestOngoingException(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) + */ + @Override + public PersonalAttribute parse(HttpServletRequest httpReq) { + return new PersonalAttribute("sepp", true, new ArrayList(), ""); + } + +} -- cgit v1.2.3 From a330b17e3ddc93181c8142b7c0ae871af528157f Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 17:47:53 +0100 Subject: added ap logic #2 --- .../moa/id/protocols/stork2/AttributeCollector.java | 6 ++++-- .../moa/id/protocols/stork2/AttributeProvider.java | 14 +++++++++++--- .../protocols/stork2/AttributeRequestOngoingException.java | 5 ----- .../protocols/stork2/DemoNoRedirectAttributeProvider.java | 5 +++++ .../id/protocols/stork2/DemoRedirectAttributeProvider.java | 13 +++++++++++-- .../stork2/ExternalAttributeRequestRequiredException.java | 14 ++++++++++++++ 6 files changed, 45 insertions(+), 12 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 93204f2ab..30f7d3df2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -89,7 +89,7 @@ public class AttributeCollector implements IAction { } } - } catch (AttributeRequestOngoingException e) { + } catch (ExternalAttributeRequestRequiredException e) { // the attribute request is ongoing and requires an external service. try { // memorize the container again @@ -100,7 +100,9 @@ public class AttributeCollector implements IAction { // - put container in temporary store. AssertionStorage.getInstance().put(newArtifactId, container); - // TODO - add container-key to httpresponse + // add container-key to redirect embedded within the return URL + // TODO find correct returnURL + e.getAp().performRedirect("returnURL"); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index fd35b0c71..2c024e822 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import javax.activation.UnsupportedDataTypeException; import javax.servlet.http.HttpServletRequest; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -18,10 +17,18 @@ public interface AttributeProvider { * * @param attributeName the attribute name * @return the personal attribute - * @throws UnsupportedDataTypeException when the provider cannot acquire the specified attribute + * @throws UnsupportedAttributeException the unsupported attribute exception + * @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done */ - public PersonalAttribute acquire(String attributeName) throws UnsupportedAttributeException, AttributeRequestOngoingException; + public PersonalAttribute acquire(String attributeName) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException; + /** + * Perform redirect. + * + * @param url the return URL ending with ?artifactId=... + */ + public void performRedirect(String url); + /** * Parses the response we got from the external attribute provider. * @@ -29,4 +36,5 @@ public interface AttributeProvider { * @return the personal attribute */ public PersonalAttribute parse(HttpServletRequest httpReq); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java deleted file mode 100644 index be5a53f34..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeRequestOngoingException.java +++ /dev/null @@ -1,5 +0,0 @@ -package at.gv.egovernment.moa.id.protocols.stork2; - -public class AttributeRequestOngoingException extends Exception { - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java index 23afc2544..978fa635c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -29,4 +29,9 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { return null; } + @Override + public void performRedirect(String url) { + // we should not get here + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java index f44fbed07..13b113711 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -16,8 +16,8 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { */ @Override public PersonalAttribute acquire(String attributeName) - throws UnsupportedAttributeException, AttributeRequestOngoingException { - throw new AttributeRequestOngoingException(); + throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { + throw new ExternalAttributeRequestRequiredException(this); } /* (non-Javadoc) @@ -28,4 +28,13 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { return new PersonalAttribute("sepp", true, new ArrayList(), ""); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) + */ + @Override + public void performRedirect(String url) { + // TODO Auto-generated method stub + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java new file mode 100644 index 000000000..29b09487b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java @@ -0,0 +1,14 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +public class ExternalAttributeRequestRequiredException extends Exception { + private AttributeProvider ap; + + public ExternalAttributeRequestRequiredException(AttributeProvider provider) { + ap = provider; + } + + public AttributeProvider getAp() { + return ap; + } + +} -- cgit v1.2.3 From dcb3a469f10ef2d30d34c50983224db9d9fd85c6 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 17:55:17 +0100 Subject: refactor magic strings to constants --- .../moa/id/protocols/stork2/AttributeCollector.java | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 30f7d3df2..0025307dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -29,8 +29,15 @@ import eu.stork.peps.auth.commons.PersonalAttribute; */ public class AttributeCollector implements IAction { + /** The Constant ARTIFACT_ID. */ + private static final String ARTIFACT_ID = "artifactId"; + private ArrayList attributeProviders; + /** The return url. */ + // TODO find correct return URL + private String returnUrl = "findCorrectReturnURL"; + public AttributeCollector() { // TODO generate from config attributeProviders = new ArrayList(); @@ -101,8 +108,7 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL - // TODO find correct returnURL - e.getAp().performRedirect("returnURL"); + e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); @@ -120,7 +126,7 @@ public class AttributeCollector implements IAction { * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { - // this action does not need any authentication. The authentication is already done by the preceeding AuthenticationRequest-Action. + // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action. return false; } -- cgit v1.2.3 From f3149ae480fac3e12f9a98cba07d11e297cf39f0 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 18:01:30 +0100 Subject: fetch DataContainer from AssertionStore --- .../moa/id/protocols/stork2/AttributeCollector.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 0025307dd..b333fb4fe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -5,6 +5,7 @@ import java.util.List; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; @@ -55,7 +56,14 @@ public class AttributeCollector implements IAction { // yes, we got a recent requested attribute // - find the attribute provider plugin that can handle the response // - fetch the container - DataContainer container = new DataContainer(); + String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); + DataContainer container; + try { + container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); + } catch (MOADatabaseException e) { + Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); + throw new MOAIDException("stork.11", null); + } // - insert the embedded attribute(s) into the container // see if we need some more attributes -- cgit v1.2.3 From d3099d4ec685e68c25a9198760f8d1661678a85f Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 19:05:48 +0100 Subject: hand AP response to plugin and add result to assertion --- .../moa/id/protocols/stork2/AttributeCollector.java | 19 +++++++++++++++++++ .../moa/id/protocols/stork2/AttributeProvider.java | 3 ++- 2 files changed, 21 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index b333fb4fe..91b09795f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -55,6 +55,23 @@ public class AttributeCollector implements IAction { // - no, how did we get here? // yes, we got a recent requested attribute // - find the attribute provider plugin that can handle the response + PersonalAttribute newAttribute = null; + for (AttributeProvider current : attributeProviders) + try { + newAttribute = current.parse(httpReq); + } catch (UnsupportedAttributeException e1) { + // the current provider cannot find anything familiar within the + // provided httpreq. Try the next one. + } + + if (null == newAttribute) { + // we do not have a provider which is capable of fetching something + // from the received httpreq. + // TODO should we continue with the next attribute? + Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); + throw new MOAIDException("stork.11", null); + } + // - fetch the container String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); DataContainer container; @@ -64,7 +81,9 @@ public class AttributeCollector implements IAction { Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); throw new MOAIDException("stork.11", null); } + // - insert the embedded attribute(s) into the container + container.getResponse().getPersonalAttributeList().add(newAttribute); // see if we need some more attributes return processRequest(container); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index 2c024e822..c554485ee 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -34,7 +34,8 @@ public interface AttributeProvider { * * @param httpReq the http req * @return the personal attribute + * @throws UnsupportedAttributeException if the provider cannot find anything familiar in the provided httpReq */ - public PersonalAttribute parse(HttpServletRequest httpReq); + public PersonalAttribute parse(HttpServletRequest httpReq) throws UnsupportedAttributeException; } -- cgit v1.2.3 From de54a0683a626679df1c110253c8b5ff986ecb71 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 20:24:46 +0100 Subject: added http request and responses to attributeprovider methods --- .../egovernment/moa/id/protocols/stork2/AttributeCollector.java | 6 +++--- .../egovernment/moa/id/protocols/stork2/AttributeProvider.java | 9 +++++++-- .../moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java | 3 ++- .../moa/id/protocols/stork2/DemoRedirectAttributeProvider.java | 3 ++- 4 files changed, 14 insertions(+), 7 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 91b09795f..810b4ae7a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -86,7 +86,7 @@ public class AttributeCollector implements IAction { container.getResponse().getPersonalAttributeList().add(newAttribute); // see if we need some more attributes - return processRequest(container); + return processRequest(container, httpResp); } /** @@ -97,7 +97,7 @@ public class AttributeCollector implements IAction { * @return the string * @throws MOAIDException */ - public String processRequest(DataContainer container) throws MOAIDException { + public String processRequest(DataContainer container, HttpServletResponse response) throws MOAIDException { // check if there are attributes we need to fetch IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); @@ -135,7 +135,7 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId); + e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId, response); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index c554485ee..5ca3bd7e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -1,6 +1,9 @@ package at.gv.egovernment.moa.id.protocols.stork2; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -26,8 +29,9 @@ public interface AttributeProvider { * Perform redirect. * * @param url the return URL ending with ?artifactId=... + * @param resp the response to the preceding request */ - public void performRedirect(String url); + public void performRedirect(String url, HttpServletResponse resp); /** * Parses the response we got from the external attribute provider. @@ -35,7 +39,8 @@ public interface AttributeProvider { * @param httpReq the http req * @return the personal attribute * @throws UnsupportedAttributeException if the provider cannot find anything familiar in the provided httpReq + * @throws MOAIDException if something went wrong */ - public PersonalAttribute parse(HttpServletRequest httpReq) throws UnsupportedAttributeException; + public PersonalAttribute parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java index 978fa635c..51663ed38 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.util.ArrayList; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -30,7 +31,7 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { } @Override - public void performRedirect(String url) { + public void performRedirect(String url, HttpServletResponse response) { // we should not get here } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java index 13b113711..fad049763 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.util.ArrayList; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -32,7 +33,7 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) */ @Override - public void performRedirect(String url) { + public void performRedirect(String url, HttpServletResponse response) { // TODO Auto-generated method stub } -- cgit v1.2.3 From c51df468a54912264b0774396ab622f9fa092cf4 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 20:44:00 +0100 Subject: APprovider can return multiple attributes --- .../moa/id/protocols/stork2/AttributeCollector.java | 20 +++++++++++--------- .../moa/id/protocols/stork2/AttributeProvider.java | 11 +++++++---- .../stork2/DemoNoRedirectAttributeProvider.java | 10 +++++++--- .../stork2/DemoRedirectAttributeProvider.java | 10 +++++++--- 4 files changed, 32 insertions(+), 19 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 810b4ae7a..2e9072f0d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -55,16 +55,16 @@ public class AttributeCollector implements IAction { // - no, how did we get here? // yes, we got a recent requested attribute // - find the attribute provider plugin that can handle the response - PersonalAttribute newAttribute = null; + IPersonalAttributeList newAttributes = null; for (AttributeProvider current : attributeProviders) try { - newAttribute = current.parse(httpReq); + newAttributes = current.parse(httpReq); } catch (UnsupportedAttributeException e1) { // the current provider cannot find anything familiar within the // provided httpreq. Try the next one. } - if (null == newAttribute) { + if (null == newAttributes) { // we do not have a provider which is capable of fetching something // from the received httpreq. // TODO should we continue with the next attribute? @@ -83,7 +83,8 @@ public class AttributeCollector implements IAction { } // - insert the embedded attribute(s) into the container - container.getResponse().getPersonalAttributeList().add(newAttribute); + for(PersonalAttribute current : newAttributes) + container.getResponse().getPersonalAttributeList().add(current); // see if we need some more attributes return processRequest(container, httpResp); @@ -101,22 +102,23 @@ public class AttributeCollector implements IAction { // check if there are attributes we need to fetch IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); - List missingAttributes = new ArrayList(); + List missingAttributes = new ArrayList(); for(PersonalAttribute current : requestAttributeList) if(!responseAttributeList.containsKey(current)) - missingAttributes.add(current.getName()); + missingAttributes.add(current); try { // for each attribute still missing - for(String currentAttribute : missingAttributes) { + for(PersonalAttribute currentAttribute : missingAttributes) { // - check if we can find a suitable AttributeProvider Plugin for(AttributeProvider currentProvider : attributeProviders) { try { // - hand over control to the suitable plugin - PersonalAttribute aquiredAttribute = currentProvider.acquire(currentAttribute); + IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute); // - add the aquired attribute to the container - container.getResponse().getPersonalAttributeList().add(aquiredAttribute); + for(PersonalAttribute current : aquiredAttributes) + container.getResponse().getPersonalAttributeList().add(current); } catch(UnsupportedAttributeException e) { // ok, try the next attributeprovider } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index 5ca3bd7e1..e1f5620a8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -1,10 +1,13 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import java.util.List; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; /** @@ -18,12 +21,12 @@ public interface AttributeProvider { * for redirecting the user to an external service. Use {@link AttributeProvider#parse(HttpServletRequest)} to parse * the response. * - * @param attributeName the attribute name + * @param attributes the list of attributes to be acquired * @return the personal attribute * @throws UnsupportedAttributeException the unsupported attribute exception * @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done */ - public PersonalAttribute acquire(String attributeName) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException; + public IPersonalAttributeList acquire(PersonalAttribute attributes) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException; /** * Perform redirect. @@ -37,10 +40,10 @@ public interface AttributeProvider { * Parses the response we got from the external attribute provider. * * @param httpReq the http req - * @return the personal attribute + * @return a list of attributes * @throws UnsupportedAttributeException if the provider cannot find anything familiar in the provided httpReq * @throws MOAIDException if something went wrong */ - public PersonalAttribute parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException; + public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java index 51663ed38..a38cfed96 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -5,7 +5,9 @@ import java.util.ArrayList; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; /** * Just a simple demoprovider who can fetch any attribute you ask him. @@ -16,16 +18,18 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ @Override - public PersonalAttribute acquire(String attributeName) + public IPersonalAttributeList acquire(PersonalAttribute attributeName) throws UnsupportedAttributeException { - return new PersonalAttribute("sepp", true, new ArrayList(), ""); + PersonalAttributeList requestedAttributes = new PersonalAttributeList(1); + requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList(), "")); + return requestedAttributes; } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ @Override - public PersonalAttribute parse(HttpServletRequest httpReq) { + public IPersonalAttributeList parse(HttpServletRequest httpReq) { // TODO Auto-generated method stub return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java index fad049763..a9e2cf358 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -5,7 +5,9 @@ import java.util.ArrayList; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; /** * Just a simple demoprovider who can fetch any attribute you ask him. @@ -16,7 +18,7 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ @Override - public PersonalAttribute acquire(String attributeName) + public IPersonalAttributeList acquire(PersonalAttribute attributeName) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { throw new ExternalAttributeRequestRequiredException(this); } @@ -25,8 +27,10 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ @Override - public PersonalAttribute parse(HttpServletRequest httpReq) { - return new PersonalAttribute("sepp", true, new ArrayList(), ""); + public IPersonalAttributeList parse(HttpServletRequest httpReq) { + PersonalAttributeList requestedAttributes = new PersonalAttributeList(1); + requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList(), "")); + return requestedAttributes; } /* (non-Javadoc) -- cgit v1.2.3 From f9889e63f9263c2d1fc24c9103025d16ee471a79 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 20:51:15 +0100 Subject: added Stork AttributeQuery APProvider --- .../id/protocols/stork2/AttributeCollector.java | 2 + .../stork2/StorkAttributeRequestProvider.java | 45 ++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 2e9072f0d..4eb874d8f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -37,11 +37,13 @@ public class AttributeCollector implements IAction { /** The return url. */ // TODO find correct return URL + // HTTPUtils.getBaseURL(req); private String returnUrl = "findCorrectReturnURL"; public AttributeCollector() { // TODO generate from config attributeProviders = new ArrayList(); + attributeProviders.add(new StorkAttributeRequestProvider()); attributeProviders.add(new DemoRedirectAttributeProvider()); attributeProviders.add(new DemoNoRedirectAttributeProvider()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java new file mode 100644 index 000000000..1862bdbe9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -0,0 +1,45 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; + +/** + * creates a STORK attribute request for a configurable set of attributes + */ +public class StorkAttributeRequestProvider implements AttributeProvider { + + private PersonalAttributeList requestedAttributes; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) + */ + @Override + public IPersonalAttributeList acquire(PersonalAttribute attribute) + throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { + requestedAttributes = new PersonalAttributeList(1); + requestedAttributes.add(attribute); + throw new ExternalAttributeRequestRequiredException(this); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) + */ + @Override + public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) + */ + @Override + public void performRedirect(String url, HttpServletResponse resp) { + + } + +} -- cgit v1.2.3 From 6ac37f0acfb232d64607d685c0ad7f11fe581df0 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 20:52:19 +0100 Subject: StorkAPprovider can parse a stork response --- .../stork2/StorkAttributeRequestProvider.java | 33 +++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index 1862bdbe9..fbb430362 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -4,9 +4,14 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAttrQueryResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; /** * creates a STORK attribute request for a configurable set of attributes @@ -31,7 +36,33 @@ public class StorkAttributeRequestProvider implements AttributeProvider { */ @Override public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException { - return null; + Logger.debug("Beginning to extract SAMLResponse out of HTTP Request"); + + //extract STORK Response from HTTP Request + //Decodes SAML Response + byte[] decSamlToken; + try { + decSamlToken = PEPSUtil.decodeSAMLToken(httpReq.getParameter("SAMLResponse")); + } catch(NullPointerException e) { + Logger.error("Unable to retrieve STORK Response", e); + throw new MOAIDException("stork.04", null); + } + + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + + STORKAttrQueryResponse attrResponse = null; + try { + //validate SAML Token + Logger.debug("Starting validation of SAML response"); + attrResponse = engine.validateSTORKAttrQueryResponse(decSamlToken, (String) httpReq.getRemoteHost()); + Logger.info("SAML response succesfully verified!"); + }catch(STORKSAMLEngineException e){ + Logger.error("Failed to verify STORK SAML Response", e); + throw new MOAIDException("stork.05", null); + } + + return attrResponse.getPersonalAttributeList(); } /* (non-Javadoc) -- cgit v1.2.3 From ab303539da5d60a2e12c07b30b997c010155d0b6 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 13 Feb 2014 20:56:37 +0100 Subject: parse reports unsupported data properly now --- .../moa/id/protocols/stork2/StorkAttributeRequestProvider.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index fbb430362..32b0bb334 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -35,7 +35,7 @@ public class StorkAttributeRequestProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ @Override - public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException { + public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException { Logger.debug("Beginning to extract SAMLResponse out of HTTP Request"); //extract STORK Response from HTTP Request @@ -44,8 +44,7 @@ public class StorkAttributeRequestProvider implements AttributeProvider { try { decSamlToken = PEPSUtil.decodeSAMLToken(httpReq.getParameter("SAMLResponse")); } catch(NullPointerException e) { - Logger.error("Unable to retrieve STORK Response", e); - throw new MOAIDException("stork.04", null); + throw new UnsupportedAttributeException(); } //Get SAMLEngine instance -- cgit v1.2.3 From 6e4f150c26b55cb2a0771e4d6c9b65cbc760c0f2 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 14 Feb 2014 16:11:09 +0100 Subject: logging --- .../egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 1971fe12d..1fa88e0a2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -156,11 +156,14 @@ public class AuthenticationRequest implements IAction { context.put("SAMLResponse", IOUtils.toString(authnResponse.getTokenSaml())); Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.decode(context.get("SAMLResponse").toString())); - Logger.info("Putting assertion consumer url as action: " + ((STORKAuthnRequestDEL)req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + Logger.debug("Putting assertion consumer url as action: " + ((STORKAuthnRequestDEL)req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); context.put("action", ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + Logger.debug("Starting template merge"); StringWriter writer = new StringWriter(); + Logger.debug("Doing template merge"); template.merge(context, writer); - + Logger.debug("Template merge done"); + Logger.debug("Sending html content: " + writer.toString().getBytes()); httpResp.getOutputStream().write(writer.toString().getBytes()); } catch (Exception e) { -- cgit v1.2.3 From efa960b616d81e762905b531814560616b98eab4 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 18 Feb 2014 16:26:11 +0100 Subject: saml point --- .../id/protocols/stork2/AuthenticationRequest.java | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 1fa88e0a2..55d5f3626 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -27,6 +27,7 @@ import java.util.HashMap; import eu.stork.peps.auth.engine.SAMLEngine; import sun.rmi.runtime.Log; + /** * @author bsuzic * Date: 12/3/13, Time: 2:08 PM @@ -142,6 +143,7 @@ public class AuthenticationRequest implements IAction { try { Logger.debug("authn saml:" + IOUtils.toString(authnResponse.getTokenSaml())); + Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); } catch (IOException e) { e.printStackTrace(); @@ -153,18 +155,28 @@ public class AuthenticationRequest implements IAction { VelocityContext context = new VelocityContext(); //Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.decode(context.get("SAMLResponse").toString())); - context.put("SAMLResponse", IOUtils.toString(authnResponse.getTokenSaml())); - Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.decode(context.get("SAMLResponse").toString())); + //context.put("SAMLResponse", IOUtils.toString(authnResponse.getTokenSaml())); + + context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + //Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.encode(context.get("SAMLResponse").toString().getBytes())); Logger.debug("Putting assertion consumer url as action: " + ((STORKAuthnRequestDEL)req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); context.put("action", ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); Logger.debug("Starting template merge"); StringWriter writer = new StringWriter(); + //PrintWriter pwriter = new StringWriter(); + Logger.debug("Doing template merge"); template.merge(context, writer); Logger.debug("Template merge done"); - Logger.debug("Sending html content: " + writer.toString().getBytes()); - httpResp.getOutputStream().write(writer.toString().getBytes()); + + Logger.debug("Sending html content: " + writer.getBuffer().toString()); + Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); + + + + httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); } catch (Exception e) { Logger.error("Velocity error: " + e.getMessage()); @@ -172,7 +184,7 @@ public class AuthenticationRequest implements IAction { HttpSession httpSession = httpReq.getSession(); httpSession.setAttribute("STORKSessionID", "12345"); - Logger.info("Status code: " + authnResponse.getStatusCode()); + Logger.info("Status code again: " + authnResponse.getStatusCode()); -- cgit v1.2.3 From ad0a0adca1ab94f42ed65d9ccf2c68e283a728aa Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 18 Feb 2014 18:13:19 +0100 Subject: saml point --- .../id/protocols/stork2/AuthenticationRequest.java | 26 +++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 55d5f3626..2debe7452 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -97,11 +97,30 @@ public class AuthenticationRequest implements IAction { authnResponse.setCountry("AT"); + IPersonalAttributeList attrLst = ((STORKAuthnRequestDEL)req).getStorkAuthnRequest().getPersonalAttributeList(); + Logger.info("Found number of authnreq personal attributes: " + attrLst.size()); + + try { + for (PersonalAttribute personalAttribute : attrLst) { + Logger.info("Personal authnreq attribute found: " + personalAttribute.getName() + " status: " + personalAttribute.getStatus() + " isrequired: " + personalAttribute.isRequired() + " type: " + personalAttribute.getType()); + + if (personalAttribute.getValue().size() > 0) { + for (String value : personalAttribute.getValue()) { + Logger.info(" Value found: " + value); + } + } + } + } catch (Exception e) { + Logger.error("Exception, attributes: " + e.getMessage()); + } + + try { + IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); + Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); - IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); - for (PersonalAttribute personalAttribute : moaAttrList) { + for (PersonalAttribute personalAttribute : moaAttrList) { Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); if (personalAttribute.getValue().size() > 0) { for (String value : personalAttribute.getValue()) { @@ -142,7 +161,8 @@ public class AuthenticationRequest implements IAction { Logger.debug("authn status code value: " + statusCodeValue); try { - Logger.debug("authn saml:" + IOUtils.toString(authnResponse.getTokenSaml())); + Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); + Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // radi Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); } catch (IOException e) { -- cgit v1.2.3 From 17eb279fb70ec2e1057db7b4377f34b6ad6c844b Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 19 Feb 2014 15:48:32 +0100 Subject: refactoring names --- .../id/protocols/stork2/AuthenticationRequest.java | 21 ++--- .../id/protocols/stork2/MOASTORKAuthnRequest.java | 71 ++++++++++++++ .../moa/id/protocols/stork2/STORKAuthnReq.java | 105 --------------------- .../id/protocols/stork2/STORKAuthnRequestDEL.java | 71 -------------- .../moa/id/protocols/stork2/STORKProtocol.java | 10 +- 5 files changed, 83 insertions(+), 195 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 2debe7452..0724b744f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -15,17 +15,12 @@ import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; -import org.opensaml.xml.util.Base64; -import org.opensaml.xml.util.XMLHelper; -import javax.servlet.ServletOutputStream; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import java.io.*; import java.util.ArrayList; -import java.util.HashMap; -import eu.stork.peps.auth.engine.SAMLEngine; -import sun.rmi.runtime.Log; /** @@ -51,10 +46,10 @@ public class AuthenticationRequest implements IAction { Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget()); httpResp.reset(); //httpResp.addHeader("Location", "http:/www.google.com"); - if (req instanceof STORKAuthnRequestDEL) { + if (req instanceof MOASTORKAuthnRequest) { /* - Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel()); - StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest()); + Logger.debug("STORK QAA 2 :" + ((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getQAALevel()); + StartAuthResponse startAuthResponse = getStartAuthResponse(((MOASTORKAuthnRequest) req).getStorkAuthnRequest()); HttpSession httpSession = httpReq.getSession(); httpSession.setAttribute("STORKSessionID", "12345"); @@ -97,7 +92,7 @@ public class AuthenticationRequest implements IAction { authnResponse.setCountry("AT"); - IPersonalAttributeList attrLst = ((STORKAuthnRequestDEL)req).getStorkAuthnRequest().getPersonalAttributeList(); + IPersonalAttributeList attrLst = ((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getPersonalAttributeList(); Logger.info("Found number of authnreq personal attributes: " + attrLst.size()); try { @@ -144,7 +139,7 @@ public class AuthenticationRequest implements IAction { //Get SAMLEngine instance STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); Logger.debug("Starting generation of SAML response"); - authnResponse = engine.generateSTORKAuthnResponse(((STORKAuthnRequestDEL)req).getStorkAuthnRequest(),authnResponse,httpReq.getRemoteAddr(),false); + authnResponse = engine.generateSTORKAuthnResponse(((MOASTORKAuthnRequest)req).getStorkAuthnRequest(),authnResponse,httpReq.getRemoteAddr(),false); //generateSAML Token Logger.info("SAML response succesfully generated!"); }catch(STORKSAMLEngineException e){ @@ -181,8 +176,8 @@ public class AuthenticationRequest implements IAction { Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); //Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.encode(context.get("SAMLResponse").toString().getBytes())); - Logger.debug("Putting assertion consumer url as action: " + ((STORKAuthnRequestDEL)req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); - context.put("action", ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + Logger.debug("Putting assertion consumer url as action: " + ((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + context.put("action", ((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); Logger.debug("Starting template merge"); StringWriter writer = new StringWriter(); //PrintWriter pwriter = new StringWriter(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java new file mode 100644 index 000000000..7c88e25d6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java @@ -0,0 +1,71 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.moduls.IRequest; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import org.opensaml.common.xml.SAMLConstants; + +/** + * @author bsuzic + * Date: 12/4/13, Time: 6:31 PM + */ +//public class MOASTORKAuthnRequest extends STORKAuthnRequestImpl implements IRequest { + +public class MOASTORKAuthnRequest implements IRequest { + private String requestID; + private String target = null; + String module = null; + String action = null; + private STORKAuthnRequest storkAuthnRequest; + + public void setSTORKAuthnRequest(STORKAuthnRequest request) { + this.storkAuthnRequest = request; + } + + public STORKAuthnRequest getStorkAuthnRequest() { + return this.storkAuthnRequest; + } + + public String getOAURL() { + return "https://sp:8889/SP"; // + } + + public boolean isPassiv() { + return false; // + } + + public boolean forceAuth() { + return false; // + } + + public boolean isSSOSupported() { + return false; // + } + + public String requestedModule() { + return this.module; // + } + + public String requestedAction() { + return action; // + } + + public void setModule(String module) { + this.module = module; + } + + public void setAction(String action) { + this.action = action; + } + + public String getTarget() { + return this.target; // + } + + public void setRequestID(String id) { + this.requestID = id; + } + + public String getRequestID() { + return this.requestID; // + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java deleted file mode 100644 index 54072b6a3..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnReq.java +++ /dev/null @@ -1,105 +0,0 @@ -package at.gv.egovernment.moa.id.protocols.stork2; - -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; -import at.gv.egovernment.moa.logging.Logger; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; -import org.opensaml.ws.transport.http.HTTPInTransport; - - -/** - * @author bsuzic - * Date: 1/22/14, Time: 5:30 PM - */ -public class STORKAuthnReq implements IRequest { - private String requestID; - private String target = null; - String module = null; - String action = null; - private STORKAuthnRequest storkAuthnRequest; - - public void setSTORKAuthnRequest(STORKAuthnRequest request) { - this.storkAuthnRequest = request; - } - - public STORKAuthnRequest getStorkAuthnRequest() { - return this.storkAuthnRequest; - } - - public void createStorkReq(HTTPInTransport profileReq) { - Logger.debug("Generate stork request test..."); - storkAuthnRequest = new STORKAuthnRequest(); - - BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); - samlMessageContext.setInboundMessageTransport(profileReq); - - HTTPPostDecoder postDecoder = new HTTPPostDecoder(); - postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator - - try { - Logger.debug("Attempting to decode request..."); - postDecoder.decode(samlMessageContext); - } catch (Exception e) { - Logger.error("Error decoding STORKAuthnRequest", e); - } - - - - //storkAuthnRequest = (STORKAuthnRequest)samlMessageContext.getInboundSAMLMessage(); - //samlMessageContext.getinbound - //storkAuthnRequest.set - - - - } - - - - public String getOAURL() { - return "https://sp:8889/SP"; // - } - - public boolean isPassiv() { - return false; // - } - - public boolean forceAuth() { - return false; // - } - - public boolean isSSOSupported() { - return false; // - } - - public String requestedModule() { - return this.module; // - } - - public String requestedAction() { - return action; // - } - - public void setModule(String module) { - this.module = module; - } - - public void setAction(String action) { - this.action = action; - } - - public String getTarget() { - return this.target; // - } - - public void setRequestID(String id) { - this.requestID = id; - } - - public String getRequestID() { - return this.requestID; // - } - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java deleted file mode 100644 index c8a5ac84d..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKAuthnRequestDEL.java +++ /dev/null @@ -1,71 +0,0 @@ -package at.gv.egovernment.moa.id.protocols.stork2; - -import at.gv.egovernment.moa.id.moduls.IRequest; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import org.opensaml.common.xml.SAMLConstants; - -/** - * @author bsuzic - * Date: 12/4/13, Time: 6:31 PM - */ -//public class STORKAuthnRequestDEL extends STORKAuthnRequestImpl implements IRequest { - -public class STORKAuthnRequestDEL implements IRequest { - private String requestID; - private String target = null; - String module = null; - String action = null; - private STORKAuthnRequest storkAuthnRequest; - - public void setSTORKAuthnRequest(STORKAuthnRequest request) { - this.storkAuthnRequest = request; - } - - public STORKAuthnRequest getStorkAuthnRequest() { - return this.storkAuthnRequest; - } - - public String getOAURL() { - return "https://sp:8889/SP"; // - } - - public boolean isPassiv() { - return false; // - } - - public boolean forceAuth() { - return false; // - } - - public boolean isSSOSupported() { - return false; // - } - - public String requestedModule() { - return this.module; // - } - - public String requestedAction() { - return action; // - } - - public void setModule(String module) { - this.module = module; - } - - public void setAction(String action) { - this.action = action; - } - - public String getTarget() { - return this.target; // - } - - public void setRequestID(String id) { - this.requestID = id; - } - - public String getRequestID() { - return this.requestID; // - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 9564afa27..5611c9269 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; @@ -9,7 +8,6 @@ import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PEPSUtil; -import eu.stork.peps.auth.commons.STORKAuthnResponse; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.opensaml.common.binding.BasicSAMLMessageContext; @@ -107,8 +105,8 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { /* STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage(); - //STORKAuthnRequestDEL STORK2Request = (STORKAuthnRequestDEL)samlMessageContext.getInboundSAMLMessage(); - STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL(); + //MOASTORKAuthnRequest STORK2Request = (MOASTORKAuthnRequest)samlMessageContext.getInboundSAMLMessage(); + MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest(); STORK2Request.setSTORKAuthnRequest(ST2Req); Logger.debug("STORK2 Citizen code: " + ST2Req.getCitizenCountryCode()); @@ -116,10 +114,10 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString()); */ - STORKAuthnReq storkAuthnReq = new STORKAuthnReq(); + //STORKAuthnReq storkAuthnReq = new STORKAuthnReq(); - STORKAuthnRequestDEL STORK2Request = new STORKAuthnRequestDEL(); + MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest(); //extract STORK Response from HTTP Request -- cgit v1.2.3 From 7db3b698532a4f10f66ee388571fac102e8bcf11 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 19 Feb 2014 16:11:19 +0100 Subject: remove old code --- .../id/protocols/stork2/AuthenticationRequest.java | 50 ---------------------- .../id/protocols/stork2/MOASTORKAuthnRequest.java | 1 - .../moa/id/protocols/stork2/STORKProtocol.java | 5 +++ 3 files changed, 5 insertions(+), 51 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 0724b744f..52db1c240 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -212,57 +212,7 @@ public class AuthenticationRequest implements IAction { } - /* - - public StartAuthResponse getStartAuthResponse(STORKAuthnRequest authnRequest) { - - StartAuthResponse authResponse = new StartAuthResponse(500, null, new HashMap()); - - if (authnRequest.getSPID() != null) { - Logger.debug("SP id: " + authnRequest.getSPID()); - } else { - SpInstitution spInstitution = (SpInstitution)authnRequest.getExtensions().getUnknownXMLObjects(SpInstitution.DEFAULT_ELEMENT_NAME).get(0); - Logger.debug("SP institution: " + spInstitution.getValue()); - } - - Logger.debug("SPEPS issuer: " + authnRequest.getIssuer().getValue()); - Logger.debug("SPEPS Consumer URL: " + authnRequest.getAssertionConsumerServiceURL()); - - - - try { - - initVelocityEngine(); - VelocityContext velocityContext = new VelocityContext(); - - velocityContext.put("action", authnRequest.getDestination()); - if (authnRequest.getDOM() == null) { - SAMLUtil.marshallMessage(authnRequest); - } - - String messageXML = XMLHelper.nodeToString(authnRequest.getDOM()); - String encodedMessage = Base64.encodeBytes(messageXML.getBytes("UTF-8"), Base64.DONT_BREAK_LINES); - velocityContext.put("SAMLRequest", encodedMessage); - ByteArrayOutputStream outStream = new ByteArrayOutputStream(); - - Writer out = new OutputStreamWriter(outStream, "UTF-8"); - velocityEngine.mergeTemplate("/templates/saml2-post-binding.vm", "UTF-8", velocityContext, out); - out.flush(); - authResponse.setContent(outStream.toByteArray()); - - authResponse.addHeader("Content-Type", "text/html; charset=utf-8"); - authResponse.addHeader("Cache-Control", "no-cache"); - authResponse.setHttpStatusCode(200); - - } catch (Exception e) { - Logger.error("ERROR"); - } - - - return authResponse; - } - */ public String getDefaultActionName() { return STORKProtocol.AUTHENTICATIONREQUEST; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java index 7c88e25d6..c9fb136c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java @@ -8,7 +8,6 @@ import org.opensaml.common.xml.SAMLConstants; * @author bsuzic * Date: 12/4/13, Time: 6:31 PM */ -//public class MOASTORKAuthnRequest extends STORKAuthnRequestImpl implements IRequest { public class MOASTORKAuthnRequest implements IRequest { private String requestID; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 5611c9269..33d2040eb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -167,6 +167,11 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { return false; } + + public void checkPersonalAttributes() { + + + } } -- cgit v1.2.3 From 51e9d604381d6be35bbe2dd0df9cb75af3152d96 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 19 Feb 2014 19:38:00 +0100 Subject: attrs --- .../id/protocols/stork2/AuthenticationRequest.java | 82 ++++++++++++++++------ .../id/protocols/stork2/MOAAttributeProvider.java | 69 ++++++++++++++++++ .../moa/id/protocols/stork2/STORKProtocol.java | 1 + 3 files changed, 129 insertions(+), 23 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 52db1c240..a537a7708 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -36,9 +36,15 @@ public class AuthenticationRequest implements IAction { private VelocityEngine velocityEngine; + private AuthenticationSession moaSession; + private MOASTORKAuthnRequest moaStorkAuthnRequest; public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + + this.moaSession = moasession; + this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req; + Logger.debug("Starting AuthenticationRequest"); //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); Logger.debug("Http Response: " + httpResp.toString() + ", "); @@ -85,29 +91,12 @@ public class AuthenticationRequest implements IAction { //httpResp.setStatus(200); //VPEPSInboundPostHandler - // - prepare attribute list - PersonalAttributeList attributeList = new PersonalAttributeList(); STORKAuthnResponse authnResponse = new STORKAuthnResponse(); authnResponse.setCountry("AT"); - IPersonalAttributeList attrLst = ((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getPersonalAttributeList(); - Logger.info("Found number of authnreq personal attributes: " + attrLst.size()); - - try { - for (PersonalAttribute personalAttribute : attrLst) { - Logger.info("Personal authnreq attribute found: " + personalAttribute.getName() + " status: " + personalAttribute.getStatus() + " isrequired: " + personalAttribute.isRequired() + " type: " + personalAttribute.getType()); - if (personalAttribute.getValue().size() > 0) { - for (String value : personalAttribute.getValue()) { - Logger.info(" Value found: " + value); - } - } - } - } catch (Exception e) { - Logger.error("Exception, attributes: " + e.getMessage()); - } try { @@ -128,12 +117,7 @@ public class AuthenticationRequest implements IAction { Logger.error("Exception, attributes: " + e.getMessage()); } - PersonalAttribute newAttribute = new PersonalAttribute(); - newAttribute.setName("eIdentifier"); - newAttribute.setValue(new ArrayList(Collections.singletonList("xxxxxxxxxxxxxxx"))); - attributeList.add(newAttribute); - authnResponse.setPersonalAttributeList(attributeList); - + authnResponse.setPersonalAttributeList(populateAttributes()); try { //Get SAMLEngine instance @@ -212,7 +196,59 @@ public class AuthenticationRequest implements IAction { } + public PersonalAttributeList populateAttributes() { + IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList(); + Logger.info("Found " + attrLst.size() + " personal attributes in the request." ); + + // Define attribute list to be populated + PersonalAttributeList attributeList = new PersonalAttributeList(); + MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink()); + + try { + for (PersonalAttribute personalAttribute : attrLst) { + Logger.debug("Personal attribute found: " + personalAttribute.getName() + " status: " + personalAttribute.getStatus() + " isrequired: " + personalAttribute.isRequired() + " type: " + personalAttribute.getType()); + + if ("givenName".equals(personalAttribute.getName())) { + Logger.debug("Providing new attribute: " + personalAttribute.getName()); + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName("givenName"); + newAttribute.setValue(new ArrayList(Collections.singletonList(moaSession.getIdentityLink().getGivenName()))); + attributeList.add(newAttribute); + } + + if (personalAttribute.getValue().size() > 0) { + for (String value : personalAttribute.getValue()) { + Logger.info(" Value found: " + value); + } + } + } + } catch (Exception e) { + Logger.error("Exception, attributes: " + e.getMessage()); + } + + + Logger.debug("AUTHBLOCK " + moaSession.getAuthBlock()); + Logger.debug("TARGET " + moaSession.getTarget() + " " + moaSession.getTargetFriendlyName()); + + + Logger.debug("SESSION IDENTIFIER " + moaSession.getCcc() + " " + moaSession.getDomainIdentifier()); + + + Logger.debug("AUTHBLOCKTOKKEN" + moaSession.getAuthBlockTokken()); + + // moaAttributeProvider.populateAttribute(attributeList, personalAttribute.getName()); + + moaAttributeProvider.populateAttribute(attributeList, "givenName"); + + moaAttributeProvider.populateAttribute(attributeList, "surname"); + + moaAttributeProvider.populateAttribute(attributeList, "xxname"); + + moaAttributeProvider.populateAttribute(attributeList, "dateOfBirth"); + + return attributeList; + } public String getDefaultActionName() { return STORKProtocol.AUTHENTICATIONREQUEST; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java new file mode 100644 index 000000000..33c1ffcd2 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -0,0 +1,69 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; + +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +/** + * @author bsuzic + * Date: 2/19/14, Time: 4:42 PM + */ +public class MOAAttributeProvider { + private final IdentityLink identityLink; + private static final Map storkAttributeMapping; + + static { + Map tempMap = new HashMap(); + tempMap.put("givenName", "getGivenName"); + tempMap.put("surname", "getFamilyName"); + tempMap.put("dateOfBirth", "getDateOfBirth"); + storkAttributeMapping = Collections.unmodifiableMap(tempMap); + } + + + public MOAAttributeProvider(IdentityLink identityLink) { + this.identityLink = identityLink; + Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue()); + } + + public void populateAttribute(PersonalAttributeList attributeList, String storkAttribute) { + + if (storkAttributeMapping.containsKey(storkAttribute)) { + Method method = null; + Logger.debug("Trying to get value for attribute: " + storkAttribute); + + try { + method = identityLink.getClass().getDeclaredMethod(storkAttributeMapping.get(storkAttribute)); + String attributeValue = method.invoke(identityLink, new Class[]{}).toString(); + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName(storkAttribute); + Logger.debug("Got attribute value: " + attributeValue); + newAttribute.setValue(new ArrayList(edu.emory.mathcs.backport.java.util.Collections.singletonList(attributeValue))); + attributeList.add(newAttribute); + } catch (NoSuchMethodException e) { + Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute); + e.printStackTrace(); + } catch (InvocationTargetException e) { + Logger.error("Invocation target expcetiion while getting attribute: " + storkAttribute); + e.printStackTrace(); + } catch (IllegalAccessException e) { + Logger.error("Illegal access exception while getting attribute: " + storkAttribute); + e.printStackTrace(); + } + + } else { + Logger.debug("MOA method for extraction of attribute " + storkAttribute + " not defined."); + } + + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 33d2040eb..3d7852c4b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -153,6 +153,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { STORK2Request.setSTORKAuthnRequest(authnRequest); + return STORK2Request; } -- cgit v1.2.3 From 4e840ada79ad862494115374406b1ecb0b4a55ef Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 20 Feb 2014 16:58:47 +0100 Subject: attribute changes --- .../id/protocols/stork2/AuthenticationRequest.java | 33 +++++----- .../id/protocols/stork2/MOAAttributeProvider.java | 74 ++++++++++++++-------- 2 files changed, 64 insertions(+), 43 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index a537a7708..446d942ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -207,21 +207,18 @@ public class AuthenticationRequest implements IAction { try { for (PersonalAttribute personalAttribute : attrLst) { - Logger.debug("Personal attribute found: " + personalAttribute.getName() + " status: " + personalAttribute.getStatus() + " isrequired: " + personalAttribute.isRequired() + " type: " + personalAttribute.getType()); - - if ("givenName".equals(personalAttribute.getName())) { - Logger.debug("Providing new attribute: " + personalAttribute.getName()); - PersonalAttribute newAttribute = new PersonalAttribute(); - newAttribute.setName("givenName"); - newAttribute.setValue(new ArrayList(Collections.singletonList(moaSession.getIdentityLink().getGivenName()))); - attributeList.add(newAttribute); - } + Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired()); + + moaAttributeProvider.populateAttribute(attributeList, personalAttribute); + + // if ("givenName".equals(personalAttribute.getName())) { + // Logger.debug("Providing new attribute: " + personalAttribute.getName()); + // PersonalAttribute newAttribute = new PersonalAttribute(); + // newAttribute.setName("givenName"); + // newAttribute.setValue(new ArrayList(Collections.singletonList(moaSession.getIdentityLink().getGivenName()))); + // attributeList.add(newAttribute); + // } - if (personalAttribute.getValue().size() > 0) { - for (String value : personalAttribute.getValue()) { - Logger.info(" Value found: " + value); - } - } } } catch (Exception e) { Logger.error("Exception, attributes: " + e.getMessage()); @@ -239,13 +236,13 @@ public class AuthenticationRequest implements IAction { // moaAttributeProvider.populateAttribute(attributeList, personalAttribute.getName()); - moaAttributeProvider.populateAttribute(attributeList, "givenName"); + // moaAttributeProvider.populateAttribute(attributeList, "givenName"); - moaAttributeProvider.populateAttribute(attributeList, "surname"); + // moaAttributeProvider.populateAttribute(attributeList, "surname"); - moaAttributeProvider.populateAttribute(attributeList, "xxname"); + // moaAttributeProvider.populateAttribute(attributeList, "xxname"); - moaAttributeProvider.populateAttribute(attributeList, "dateOfBirth"); + // moaAttributeProvider.populateAttribute(attributeList, "dateOfBirth"); return attributeList; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index 33c1ffcd2..cde902e4d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -18,52 +18,76 @@ import java.util.Map; */ public class MOAAttributeProvider { private final IdentityLink identityLink; - private static final Map storkAttributeMapping; + private static final Map storkAttributeSimpleMapping; + private static final Map storkAttributeFunctionMapping; static { - Map tempMap = new HashMap(); - tempMap.put("givenName", "getGivenName"); - tempMap.put("surname", "getFamilyName"); - tempMap.put("dateOfBirth", "getDateOfBirth"); - storkAttributeMapping = Collections.unmodifiableMap(tempMap); + Map tempSimpleMap = new HashMap(); + tempSimpleMap.put("givenName", "getGivenName"); + tempSimpleMap.put("surname", "getFamilyName"); + tempSimpleMap.put("dateOfBirth", "getDateOfBirth"); + storkAttributeSimpleMapping = Collections.unmodifiableMap(tempSimpleMap); + Map tempFunctionMap = new HashMap(); + tempFunctionMap.put("eIdentifier", "geteIdentifier"); + storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap); } - public MOAAttributeProvider(IdentityLink identityLink) { this.identityLink = identityLink; Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue()); } - public void populateAttribute(PersonalAttributeList attributeList, String storkAttribute) { - - if (storkAttributeMapping.containsKey(storkAttribute)) { - Method method = null; - Logger.debug("Trying to get value for attribute: " + storkAttribute); + public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) { + String storkAttribute = requestedAttribute.getName(); + if (storkAttributeSimpleMapping.containsKey(storkAttribute)) { + Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]"); try { - method = identityLink.getClass().getDeclaredMethod(storkAttributeMapping.get(storkAttribute)); - String attributeValue = method.invoke(identityLink, new Class[]{}).toString(); - PersonalAttribute newAttribute = new PersonalAttribute(); - newAttribute.setName(storkAttribute); - Logger.debug("Got attribute value: " + attributeValue); - newAttribute.setValue(new ArrayList(edu.emory.mathcs.backport.java.util.Collections.singletonList(attributeValue))); - attributeList.add(newAttribute); + Method method = identityLink.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute)); + populateAttributeWithMethod(method, identityLink, attributeList, storkAttribute, requestedAttribute.isRequired()); } catch (NoSuchMethodException e) { Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute); e.printStackTrace(); - } catch (InvocationTargetException e) { - Logger.error("Invocation target expcetiion while getting attribute: " + storkAttribute); - e.printStackTrace(); - } catch (IllegalAccessException e) { - Logger.error("Illegal access exception while getting attribute: " + storkAttribute); - e.printStackTrace(); } + } else if (storkAttributeFunctionMapping.containsKey(storkAttribute)) { + + Logger.debug("Trying to get value for attribute using function mapping [" + storkAttribute + "]"); + try { + Method method = this.getClass().getDeclaredMethod(storkAttributeFunctionMapping.get(storkAttribute)); + populateAttributeWithMethod(method, this, attributeList, storkAttribute, requestedAttribute.isRequired()); + } catch (NoSuchMethodException e) { + Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute); + e.printStackTrace(); + } } else { Logger.debug("MOA method for extraction of attribute " + storkAttribute + " not defined."); } + } + private String geteIdentifier() { + return "askdlaskdlaskdsds"; + } + + private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) { + try { + String attributeValue = method.invoke(object, new Class[]{}).toString(); + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName(storkAttribute); + newAttribute.setStatus("Available"); + newAttribute.setIsRequired(isRequired); + Logger.debug("Got attribute value: " + attributeValue); + newAttribute.setValue(new ArrayList(edu.emory.mathcs.backport.java.util.Collections.singletonList(attributeValue))); + attributeList.add(newAttribute); + } catch (InvocationTargetException e) { + Logger.error("Invocation target exception while getting attribute: " + storkAttribute); + e.printStackTrace(); + } catch (IllegalAccessException e) { + Logger.error("Illegal access exception while getting attribute: " + storkAttribute); + e.printStackTrace(); + } } } + -- cgit v1.2.3 From 69475d1ca29ac530df84153635119adf908cbb53 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 20 Feb 2014 18:07:42 +0100 Subject: handling errors when configuration entries are non existent --- .../egovernment/moa/id/config/stork/STORKConfig.java | 18 +++++++++++++++--- .../moa/id/protocols/stork2/MOASTORKAuthnRequest.java | 1 + 2 files changed, 16 insertions(+), 3 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index ff481b825..f79fd6e17 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -59,8 +59,14 @@ public class STORKConfig { this.props = props; //create CPEPS map - List cpeps = stork.getCPEPS(); - + List cpeps = null; + + try { + cpeps = stork.getCPEPS(); + } catch (NullPointerException ex) { + Logger.error("CPEPS not configured!"); + } + cpepsMap = new HashMap(); if (cpeps != null) { @@ -79,11 +85,17 @@ public class STORKConfig { } attr = new ArrayList(); - if (stork.getAttributes() != null) { + + try { + if (stork.getAttributes() != null) { for(StorkAttribute current : stork.getAttributes()) { attr.add(current); } } + } catch (NullPointerException ex) { + Logger.error("Attributes not configured!"); + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java index c9fb136c9..cee64e16e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java @@ -25,6 +25,7 @@ public class MOASTORKAuthnRequest implements IRequest { } public String getOAURL() { + return "https://sp:8889/SP"; // } -- cgit v1.2.3 From 0e19ab212b9c652401937ba3a2a4b415c010eeb4 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Feb 2014 11:23:42 +0100 Subject: StorkAPProvider can issue an attribute query draft --- .../id/protocols/stork2/AttributeCollector.java | 6 +- .../moa/id/protocols/stork2/AttributeProvider.java | 6 +- .../stork2/StorkAttributeRequestProvider.java | 71 +++++++++++++++++++++- 3 files changed, 76 insertions(+), 7 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 4eb874d8f..8ccaa35de 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -89,7 +89,7 @@ public class AttributeCollector implements IAction { container.getResponse().getPersonalAttributeList().add(current); // see if we need some more attributes - return processRequest(container, httpResp); + return processRequest(container, httpReq, httpResp); } /** @@ -100,7 +100,7 @@ public class AttributeCollector implements IAction { * @return the string * @throws MOAIDException */ - public String processRequest(DataContainer container, HttpServletResponse response) throws MOAIDException { + public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response) throws MOAIDException { // check if there are attributes we need to fetch IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); @@ -139,7 +139,7 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId, response); + e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index e1f5620a8..117a1f6b4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -1,7 +1,5 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import java.util.List; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -32,9 +30,11 @@ public interface AttributeProvider { * Perform redirect. * * @param url the return URL ending with ?artifactId=... + * @param citizenCountyCode the citizen county code + * @param req the request we got from the S-PEPS and for which we have to ask our APs * @param resp the response to the preceding request */ - public void performRedirect(String url, HttpServletResponse resp); + public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp); /** * Parses the response we got from the external attribute provider. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index 32b0bb334..90b1a0180 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -1,15 +1,31 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import java.io.StringWriter; +import java.util.ArrayList; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; + import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.commons.STORKAttrQueryResponse; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; @@ -19,6 +35,9 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException; public class StorkAttributeRequestProvider implements AttributeProvider { private PersonalAttributeList requestedAttributes; + + /** The destination. */ + private String destination; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) @@ -68,8 +87,58 @@ public class StorkAttributeRequestProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) */ @Override - public void performRedirect(String url, HttpServletResponse resp) { + public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp) { + OAAuthParameter oaParam; + + String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); + String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); + String spApplication = spInstitution; + String spCountry = "AT"; + + //generate AuthnRquest + STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest(); + attributeRequest.setDestination(destination); + attributeRequest.setAssertionConsumerServiceURL(url); + attributeRequest.setIssuer(HTTPUtils.getBaseURL(req)); + attributeRequest.setQaa(oaParam.getQaaLevel()); + attributeRequest.setSpInstitution(spInstitution); + attributeRequest.setCountry(spCountry); + attributeRequest.setSpApplication(spApplication); + attributeRequest.setSpSector(spSector); + attributeRequest.setPersonalAttributeList(requestedAttributes); + + attributeRequest.setCitizenCountryCode(citizenCountryCode); + + + Logger.debug("STORK AttrRequest succesfully assembled."); + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP"); + try { + attributeRequest = samlEngine.generateSTORKAttrQueryRequest(attributeRequest); + } catch (STORKSAMLEngineException e) { + Logger.error("Could not sign STORK SAML AttrRequest.", e); + throw new MOAIDException("stork.00", null); + } + + Logger.info("STORK AttrRequest successfully signed!"); + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); + VelocityContext context = new VelocityContext(); + context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(attributeRequest.getTokenSaml())); + context.put("action", destination); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e) { + Logger.error("Error sending STORK SAML AttrRequest.", e); + throw new MOAIDException("stork.11", null); + } } } -- cgit v1.2.3 From 3f388c8862a4543d8c7f791e5ff47090d533aa0c Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Feb 2014 14:55:17 +0100 Subject: added attribute collector action to protocol and urlrewrite --- .../java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java | 1 + 1 file changed, 1 insertion(+) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 323d9ba8e..318a8fc9c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -43,6 +43,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { static { actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); + actions.put(ATTRIBUTE_COLLECTOR, new AttributeCollector()); instance = new STORKProtocol(); } -- cgit v1.2.3 From 4c2406224be2df8b09050178630cdcff979c5ebf Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 24 Feb 2014 11:42:44 +0100 Subject: introduced attributeproviderfactory --- .../moa/id/config/auth/OAAuthParameter.java | 6 ++- .../id/protocols/stork2/AttributeCollector.java | 33 ++++++------- .../protocols/stork2/AttributeProviderFactory.java | 57 ++++++++++++++++++++++ .../stork2/DemoNoRedirectAttributeProvider.java | 6 ++- .../stork2/DemoRedirectAttributeProvider.java | 9 ++-- .../stork2/StorkAttributeRequestProvider.java | 9 ++++ 6 files changed, 95 insertions(+), 25 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 7a38e2afd..c3943d816 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -51,6 +51,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; @@ -66,6 +67,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -342,7 +344,9 @@ public List getRequestedAttributes() { return oa_auth.getOASTORK().getOAAttributes(); } - +public List getStorkAPs() { + return oa_auth.getOASTORK().getAttributeProviders(); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 8ccaa35de..32a8cb9c5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -4,8 +4,11 @@ import java.util.ArrayList; import java.util.List; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; @@ -33,32 +36,24 @@ public class AttributeCollector implements IAction { /** The Constant ARTIFACT_ID. */ private static final String ARTIFACT_ID = "artifactId"; - private ArrayList attributeProviders; - /** The return url. */ // TODO find correct return URL // HTTPUtils.getBaseURL(req); private String returnUrl = "findCorrectReturnURL"; - public AttributeCollector() { - // TODO generate from config - attributeProviders = new ArrayList(); - attributeProviders.add(new StorkAttributeRequestProvider()); - attributeProviders.add(new DemoRedirectAttributeProvider()); - attributeProviders.add(new DemoNoRedirectAttributeProvider()); - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) */ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { - // check if we have a STORKAttributeResponse in the request - // - no, how did we get here? - // yes, we got a recent requested attribute - // - find the attribute provider plugin that can handle the response + + // read configuration parameters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); + + // find the attribute provider plugin that can handle the response IPersonalAttributeList newAttributes = null; - for (AttributeProvider current : attributeProviders) + for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) try { newAttributes = current.parse(httpReq); } catch (UnsupportedAttributeException e1) { @@ -89,7 +84,7 @@ public class AttributeCollector implements IAction { container.getResponse().getPersonalAttributeList().add(current); // see if we need some more attributes - return processRequest(container, httpReq, httpResp); + return processRequest(container, httpReq, httpResp, oaParam); } /** @@ -100,7 +95,7 @@ public class AttributeCollector implements IAction { * @return the string * @throws MOAIDException */ - public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response) throws MOAIDException { + public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException { // check if there are attributes we need to fetch IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); @@ -113,7 +108,7 @@ public class AttributeCollector implements IAction { // for each attribute still missing for(PersonalAttribute currentAttribute : missingAttributes) { // - check if we can find a suitable AttributeProvider Plugin - for(AttributeProvider currentProvider : attributeProviders) { + for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { try { // - hand over control to the suitable plugin IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java new file mode 100644 index 000000000..98d354e8a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -0,0 +1,57 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; + +/** + * A factory for creating AttributeProvider objects. + */ +public class AttributeProviderFactory { + + /** + * Gets the available plugins. + * + * @return the available plugins + */ + public static List getAvailablePlugins() { + List result = new ArrayList(); + result.add("StorkAttributeRequestProvider"); + + return result; + } + + /** + * Creates an AttributeProvider object for the given shortname. Returns + * {@code null} if there is no such provider available. + * + * @param shortname + * the simpleName for the providers class + * @return the attribute provider + */ + public static AttributeProvider create(String shortname, String url) { + switch (shortname) { + case "StorkAttributeRequestProvider": + return new StorkAttributeRequestProvider(url); + default: + return null; + } + } + + /** + * Gets fresh instances of the configured plugins. + * + * @param configuredAPs the configured a ps + * @return the configured plugins + */ + public static List getConfiguredPlugins( + List configuredAPs) { + + List result = new ArrayList(); + for(AttributeProviderPlugin current : configuredAPs) + result.add(create(current.getName(), current.getUrl())); + + return result; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java index a38cfed96..52ff0a85a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -34,8 +34,12 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { return null; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ @Override - public void performRedirect(String url, HttpServletResponse response) { + public void performRedirect(String url, String citizenCountyCode, + HttpServletRequest req, HttpServletResponse resp) { // we should not get here } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java index a9e2cf358..6dc0a30cc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -34,12 +34,13 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override - public void performRedirect(String url, HttpServletResponse response) { - // TODO Auto-generated method stub - + public void performRedirect(String url, String citizenCountyCode, + HttpServletRequest req, HttpServletResponse resp) { + // we should not get here + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index 90b1a0180..dd34d0d42 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -38,6 +38,15 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /** The destination. */ private String destination; + + /** + * Instantiates a new stork attribute request provider. + * + * @param apUrl the AP location + */ + public StorkAttributeRequestProvider(String apUrl) { + destination = apUrl; + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) -- cgit v1.2.3 From e352ed4ac809c333ebbba3421f8cb1857850535b Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Mon, 24 Feb 2014 19:18:30 +0100 Subject: correcting certstore directory configyration --- .../id/iaik/config/CertStoreConfigurationImpl.java | 188 ++++++++++++--------- .../id/protocols/stork2/MOAAttributeProvider.java | 1 + 2 files changed, 106 insertions(+), 83 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java index 65634bed3..b6fe20a61 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java @@ -2,19 +2,19 @@ * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * + * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works @@ -46,98 +46,120 @@ package at.gv.egovernment.moa.id.iaik.config; -import java.io.File; - import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; -import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.logging.Logger; import iaik.pki.store.certstore.CertStoreConfiguration; import iaik.pki.store.certstore.CertStoreParameters; import iaik.pki.store.certstore.CertStoreTypes; import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters; +import java.io.File; + /** * Implementation of interface needed to initialize an IAIK JSSE TrustManager + * * @author Paul Ivancsics * @version $Id$ */ -public class CertStoreConfigurationImpl extends ObservableImpl - implements CertStoreConfiguration, DirectoryCertStoreParameters { - /** identifies the rootDirectory */ - private String rootDirectory; - /** ConfigurationProvider */ - private ConfigurationProvider conf; - /** Array for storing all CertStoreParameters */ - private CertStoreParameters[] parameters; - - /** - * Create a new CertStoreConfigurationImpl. - * - * @param conf The MOA configuration from which the configuration data is - * @throws ConfigurationException an any config-error - * being read. - */ - public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { - this.conf=conf; - - String certStoreRootDirParam = conf.getCertstoreDirectory(); - - if (certStoreRootDirParam == null) - throw new ConfigurationException( - "config.08", new Object[] {"CertStoreDirectory"}); - - rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir()); - if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6); - File f = new File(rootDirectory); - if (!f.isDirectory()) - throw new ConfigurationException( - "config.05", new Object[] {"CertStoreDirectory"}); - - parameters = new CertStoreParameters[] { this }; - } - - /** - * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters() - */ - public CertStoreParameters[] getParameters() { - return parameters; - } - - /** - * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory() - */ - public String getRootDirectory() { - return rootDirectory; - } - - /** - * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew() - */ - public boolean createNew() { - return false; - } - - /** - * @see iaik.pki.store.certstore.CertStoreParameters#getId() - */ - public String getId() { - return "MOA ID Directory CertStore"; - } - - /** - * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly() - */ - public boolean isReadOnly() { - return false; - } - - /** - * @return CertStoreTypes.DIRECTORY - * @see iaik.pki.store.certstore.CertStoreParameters#getType() - */ - public String getType() { - return CertStoreTypes.DIRECTORY; - } +public class CertStoreConfigurationImpl extends ObservableImpl + implements CertStoreConfiguration, DirectoryCertStoreParameters { + /** + * identifies the rootDirectory + */ + private String rootDirectory; + /** + * ConfigurationProvider + */ + private ConfigurationProvider conf; + /** + * Array for storing all CertStoreParameters + */ + private CertStoreParameters[] parameters; + + /** + * Create a new CertStoreConfigurationImpl. + * + * @param conf The MOA configuration from which the configuration data is + * @throws ConfigurationException an any config-error + * being read. + */ + public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { + this.conf = conf; + + String certStoreRootDirParam = conf.getCertstoreDirectory(); + + if (certStoreRootDirParam == null) + throw new ConfigurationException( + "config.08", new Object[]{"CertStoreDirectory"}); + + //rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir()); + rootDirectory = certStoreRootDirParam; + Logger.error("Using file: " + rootDirectory); + if (rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(5); + Logger.error("Using file2: " + rootDirectory); + + File f = new File(rootDirectory); + //Logger.error("Using file: " + certStoreRootDirParam + " param: " + conf.getRootConfigFileDir()); + + if (!f.exists()) { + Logger.error("File does not exists: " + f.getAbsolutePath()); + throw new ConfigurationException( + "config.05", new Object[]{"CertStoreDirectory"}); + } + + if (!f.isDirectory()) { + Logger.error("File is not a directory: " + f.getAbsolutePath()); + throw new ConfigurationException( + "config.05", new Object[]{"CertStoreDirectory"}); + } + + + parameters = new CertStoreParameters[]{this}; + } + + /** + * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters() + */ + public CertStoreParameters[] getParameters() { + return parameters; + } + + /** + * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory() + */ + public String getRootDirectory() { + return rootDirectory; + } + + /** + * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew() + */ + public boolean createNew() { + return false; + } + + /** + * @see iaik.pki.store.certstore.CertStoreParameters#getId() + */ + public String getId() { + return "MOA ID Directory CertStore"; + } + + /** + * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly() + */ + public boolean isReadOnly() { + return false; + } + + /** + * @return CertStoreTypes.DIRECTORY + * @see iaik.pki.store.certstore.CertStoreParameters#getType() + */ + public String getType() { + return CertStoreTypes.DIRECTORY; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index cde902e4d..414e383fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -74,6 +74,7 @@ public class MOAAttributeProvider { String attributeValue = method.invoke(object, new Class[]{}).toString(); PersonalAttribute newAttribute = new PersonalAttribute(); newAttribute.setName(storkAttribute); + newAttribute.setStatus("Available"); newAttribute.setIsRequired(isRequired); Logger.debug("Got attribute value: " + attributeValue); -- cgit v1.2.3 From a48a02cf22ae3c021fd81d0d8050018bb535218e Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 24 Feb 2014 15:58:43 +0100 Subject: oaparams available in applugins --- .../moa/id/protocols/stork2/AttributeCollector.java | 2 +- .../egovernment/moa/id/protocols/stork2/AttributeProvider.java | 5 ++++- .../id/protocols/stork2/DemoNoRedirectAttributeProvider.java | 4 +++- .../moa/id/protocols/stork2/DemoRedirectAttributeProvider.java | 4 +++- .../moa/id/protocols/stork2/StorkAttributeRequestProvider.java | 10 ++-------- 5 files changed, 13 insertions(+), 12 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 32a8cb9c5..c1a61904d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -134,7 +134,7 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response); + e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index 117a1f6b4..adf57d77b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -4,6 +4,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -33,8 +34,10 @@ public interface AttributeProvider { * @param citizenCountyCode the citizen county code * @param req the request we got from the S-PEPS and for which we have to ask our APs * @param resp the response to the preceding request + * @param oaParam the oa param + * @throws MOAIDException */ - public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp); + public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException; /** * Parses the response we got from the external attribute provider. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java index 52ff0a85a..e6f340c77 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -5,6 +5,8 @@ import java.util.ArrayList; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; + import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -39,7 +41,7 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { */ @Override public void performRedirect(String url, String citizenCountyCode, - HttpServletRequest req, HttpServletResponse resp) { + HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) { // we should not get here } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java index 6dc0a30cc..5d4336149 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -5,6 +5,8 @@ import java.util.ArrayList; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; + import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -38,7 +40,7 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { */ @Override public void performRedirect(String url, String citizenCountyCode, - HttpServletRequest req, HttpServletResponse resp) { + HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) { // we should not get here } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index dd34d0d42..3c689cac9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -1,8 +1,6 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.io.StringWriter; -import java.util.ArrayList; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -12,7 +10,6 @@ import org.apache.velocity.app.VelocityEngine; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; -import at.gv.egovernment.moa.id.config.OAParameter; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; @@ -24,8 +21,6 @@ import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.commons.STORKAttrQueryResponse; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import eu.stork.peps.auth.commons.STORKAuthnResponse; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; @@ -96,10 +91,9 @@ public class StorkAttributeRequestProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) */ @Override - public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp) { - OAAuthParameter oaParam; + public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { - String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); + String spSector = "Business"; String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; String spCountry = "AT"; -- cgit v1.2.3 From 5ae5bb1ca7ffda1d4c3f864625c569e6b4b8d6de Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 25 Feb 2014 09:14:17 +0100 Subject: fixed merge issues --- .../main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java | 1 + .../main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 881d3bb2a..d1de20c4d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -352,6 +352,7 @@ public List getRequestedAttributes() { public List getStorkAPs() { return oa_auth.getOASTORK().getAttributeProviders(); +} public byte[] getBKUSelectionTemplate() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index ab106e3c0..d655dc7f2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -106,8 +106,6 @@ public class STORKConfig { } - } - public SignatureCreationParameter getSignatureCreationParameter() { return new SignatureCreationParameter(props, basedirectory); -- cgit v1.2.3 From 3640475187ba8f2bfd4b72b2e6b7fa105432f889 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 25 Feb 2014 09:20:42 +0100 Subject: reentry url is set --- .../gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index c1a61904d..937f6da74 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -36,11 +36,6 @@ public class AttributeCollector implements IAction { /** The Constant ARTIFACT_ID. */ private static final String ARTIFACT_ID = "artifactId"; - /** The return url. */ - // TODO find correct return URL - // HTTPUtils.getBaseURL(req); - private String returnUrl = "findCorrectReturnURL"; - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) */ @@ -134,7 +129,7 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(returnUrl + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); + e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); -- cgit v1.2.3 From 26404cedff0e60969c98d7a7cab30f8e7eda9ea6 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 25 Feb 2014 16:55:24 +0100 Subject: attr nothing --- .../id/protocols/stork2/AttributeCollector.java | 38 +++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 937f6da74..08244ab38 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -123,7 +123,43 @@ public class AttributeCollector implements IAction { // memorize the container again // - generate new key String newArtifactId = new SecureRandomIdentifierGenerator() - .generateIdentifier(); + .generateIdentifier(); /* + Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel()); + StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest()); + + HttpSession httpSession = httpReq.getSession(); + httpSession.setAttribute("STORKSessionID", "12345"); + httpResp.setStatus(startAuthResponse.getHttpStatusCode()); + try { + ServletOutputStream os = httpResp.getOutputStream(); + String html = new String(startAuthResponse.getContent()); + + + if (html.contains(""); + html = html.substring(beginIndex + 9, endIndex); + startAuthResponse.setContent(html.getBytes()); + } + Logger.info("HTML : " + html); + + os.write(startAuthResponse.getContent()); + Logger.info("Response sent to client"); + } catch (IOException e) { + Logger.error("ERROR MOA"); + throw new MOAIDException("error response sending", new Object[]{}); + } + //httpSession.setAttribute("CCC", ccc); + + */ + } + + + //httpResp.setStatus(200); + //VPEPSInboundPostHandler // - put container in temporary store. AssertionStorage.getInstance().put(newArtifactId, container); -- cgit v1.2.3 From f51b28c24ac466b5e25d3047975beac8f14d2c15 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 25 Feb 2014 20:34:44 +0100 Subject: attrcollector --- .../id/protocols/stork2/AttributeCollector.java | 13 +------- .../protocols/stork2/AttributeProviderFactory.java | 17 ++++++---- .../id/protocols/stork2/AuthenticationRequest.java | 38 ++++++++++++++-------- 3 files changed, 37 insertions(+), 31 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 08244ab38..cc0f8569e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -155,18 +155,7 @@ public class AttributeCollector implements IAction { //httpSession.setAttribute("CCC", ccc); */ - } - - - //httpResp.setStatus(200); - //VPEPSInboundPostHandler - - // - put container in temporary store. - AssertionStorage.getInstance().put(newArtifactId, container); - - // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); - } catch (Exception e1) { + } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); throw new MOAIDException("stork.11", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index 98d354e8a..9a4c1f59b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -31,12 +31,17 @@ public class AttributeProviderFactory { * @return the attribute provider */ public static AttributeProvider create(String shortname, String url) { - switch (shortname) { - case "StorkAttributeRequestProvider": - return new StorkAttributeRequestProvider(url); - default: - return null; - } + //switch (shortname) { + //case "StorkAttributeRequestProvider": + // return new StorkAttributeRequestProvider(url); + //default: + // return null; + //} + if (shortname.equals("StorkAttributeRequestProvider")) { + return new StorkAttributeRequestProvider(url); + } else { + return null; + } } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index d742d72ef..6ef85d7ae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -1,8 +1,11 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; @@ -22,10 +25,7 @@ import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStreamWriter; -import java.io.Writer; +import java.io.*; import java.util.HashMap; import eu.stork.peps.auth.engine.SAMLEngine; @@ -94,6 +94,13 @@ public class AuthenticationRequest implements IAction { */ } + STORKAuthnResponse authnResponse = new STORKAuthnResponse(); + authnResponse.setCountry("AT"); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); + //httpResp.setStatus(200); //VPEPSInboundPostHandler @@ -102,20 +109,23 @@ public class AuthenticationRequest implements IAction { DataContainer container = new DataContainer(); // - fill in the request we extracted above - container.setRequest(request); + container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest()); // - fill in the partial response created above - container.setResponse(response); + container.setResponse(authnResponse); // - memorize the target url were we have to return the result - container.setTarget(target); - + container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + + + + + if (1==1) // test // see if we need to fetch further attributes - return (new AttributeCollector()).processRequest(container); + return (new AttributeCollector()).processRequest(container, httpReq, httpResp, oaParam); + - STORKAuthnResponse authnResponse = new STORKAuthnResponse(); - authnResponse.setCountry("AT"); @@ -163,13 +173,15 @@ public class AuthenticationRequest implements IAction { try { Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); - Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // radi + Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); } catch (IOException e) { e.printStackTrace(); } + // preparing redirection for the client + try { VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); @@ -266,7 +278,7 @@ public class AuthenticationRequest implements IAction { // moaAttributeProvider.populateAttribute(attributeList, "dateOfBirth"); - return authResponse; + return attributeList; } public String getDefaultActionName() { -- cgit v1.2.3 From 1aa6fd1a5b007a9c234e096e6d145cb0235cfd70 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 26 Feb 2014 09:34:59 +0100 Subject: init eHvd AP Plugin --- .../protocols/stork2/AttributeProviderFactory.java | 8 ++-- .../stork2/EHvdAttributeProviderPlugin.java | 50 ++++++++++++++++++++++ 2 files changed, 55 insertions(+), 3 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index 98d354e8a..23edf69f9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -18,6 +18,7 @@ public class AttributeProviderFactory { public static List getAvailablePlugins() { List result = new ArrayList(); result.add("StorkAttributeRequestProvider"); + result.add("EHvdAttributeProvider"); return result; } @@ -31,10 +32,11 @@ public class AttributeProviderFactory { * @return the attribute provider */ public static AttributeProvider create(String shortname, String url) { - switch (shortname) { - case "StorkAttributeRequestProvider": + if (shortname.equals("StorkAttributeRequestProvider")) { return new StorkAttributeRequestProvider(url); - default: + } else if(shortname.equals("EHvdAttributeProvider")) { + return new EHvdAttributeProviderPlugin(url); + } else { return null; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java new file mode 100644 index 000000000..8783026c2 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -0,0 +1,50 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; + +/** + * Fetches the attribute IsHealthcareProfessional from the BAGDAD SOAP service + */ +public class EHvdAttributeProviderPlugin implements AttributeProvider { + + public EHvdAttributeProviderPlugin(String url) { + // TODO Auto-generated constructor stub + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) + */ + @Override + public IPersonalAttributeList acquire(PersonalAttribute attributes) + throws UnsupportedAttributeException, + ExternalAttributeRequestRequiredException { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter) + */ + @Override + public void performRedirect(String url, String citizenCountyCode, + HttpServletRequest req, HttpServletResponse resp, + OAAuthParameter oaParam) throws MOAIDException { + // there is no redirect required + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) + */ + @Override + public IPersonalAttributeList parse(HttpServletRequest httpReq) + throws UnsupportedAttributeException, MOAIDException { + // TODO Auto-generated method stub + return null; + } +} -- cgit v1.2.3 From 2b655368aa6bfb7a0250589a23b2ac328b25c5aa Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 26 Feb 2014 09:36:39 +0100 Subject: disable parse and redirect functionality of eHVD ap plugin --- .../moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 8783026c2..8813ec8dc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -44,7 +44,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { @Override public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { - // TODO Auto-generated method stub - return null; + // there is no redirect required, so we throw an exception when someone asks us to parse a response + throw new UnsupportedAttributeException(); } } -- cgit v1.2.3 From b7a64411283c5a5496383164ced201ef42eb3d63 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 26 Feb 2014 09:46:41 +0100 Subject: sketched communication process --- .../stork2/EHvdAttributeProviderPlugin.java | 25 ++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 8813ec8dc..28f5b23a3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -7,6 +7,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; /** * Fetches the attribute IsHealthcareProfessional from the BAGDAD SOAP service @@ -24,8 +25,28 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { public IPersonalAttributeList acquire(PersonalAttribute attributes) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { - // TODO Auto-generated method stub - return null; + + try { + // create SOAP connection + + // assemble SOAP request + + // perform SOAP call + + // parse SOAP response + + // assemble attribute + PersonalAttribute acquiredAttribute = new PersonalAttribute(); + + // pack and return the result + PersonalAttributeList result = new PersonalAttributeList(); + result.add(acquiredAttribute); + + return result; + } catch (Exception e) { + // TODO in case of an error, we might want to inform someone somehow different than by just saying nothing + return null; + } } /* (non-Javadoc) -- cgit v1.2.3 From 2f4f739506a1f054c0fbb3f28e97e1c13f798758 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 26 Feb 2014 10:02:16 +0100 Subject: report an attribute request that is not supported by eHVD AP plugin --- .../moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 28f5b23a3..7dc4b8ac1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -26,6 +26,10 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { + // break when we cannot handle the requested attribute + if(!attributes.getFriendlyName().equals("isHealthcareProfessional")) + throw new UnsupportedAttributeException(); + try { // create SOAP connection -- cgit v1.2.3 From 001161aec7e42825c21fc969cac45f77da31fb86 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 26 Feb 2014 12:09:52 +0100 Subject: raise the SOAP request --- .../stork2/EHvdAttributeProviderPlugin.java | 60 +++++++++++++++++++++- 1 file changed, 58 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 7dc4b8ac1..42652464b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -1,7 +1,22 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import java.util.ArrayList; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.xml.namespace.QName; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.soap.MessageFactory; +import javax.xml.soap.SOAPBody; +import javax.xml.soap.SOAPConnection; +import javax.xml.soap.SOAPConnectionFactory; +import javax.xml.soap.SOAPElement; +import javax.xml.soap.SOAPEnvelope; +import javax.xml.soap.SOAPMessage; +import javax.xml.soap.SOAPPart; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -14,8 +29,16 @@ import eu.stork.peps.auth.commons.PersonalAttributeList; */ public class EHvdAttributeProviderPlugin implements AttributeProvider { + /** The destination. */ + private Object destination; + + /** + * Instantiates a new e hvd attribute provider plugin. + * + * @param url the service url + */ public EHvdAttributeProviderPlugin(String url) { - // TODO Auto-generated constructor stub + destination = url; } /* (non-Javadoc) @@ -27,15 +50,48 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { ExternalAttributeRequestRequiredException { // break when we cannot handle the requested attribute - if(!attributes.getFriendlyName().equals("isHealthcareProfessional")) + if(!attributes.getFriendlyName().equals("isHCP")) throw new UnsupportedAttributeException(); try { // create SOAP connection + SOAPConnection soapConnection = SOAPConnectionFactory.newInstance().createConnection(); // assemble SOAP request + MessageFactory messageFactory = MessageFactory.newInstance(); + SOAPMessage requestMessage = messageFactory.createMessage(); + SOAPPart requestPart = requestMessage.getSOAPPart(); + + // (soap 1.1 relevant part. could not find a solution to use soap 1.2 in time. + requestMessage.getMimeHeaders().setHeader("SOAPAction", "http://gesundheit.gv.at/BAGDAD/DataAccessService/IsHealthcareProfessional"); + + /* + Construct SOAP Request Message: + + + + string + + + + see https://stork.ehealth.gv.at/GDAService.asmx?op=IsHealthcareProfessional + */ + + // SOAP Envelope + SOAPEnvelope envelope = requestPart.getEnvelope(); + + // SOAP Body + SOAPBody requestBody = envelope.getBody(); + SOAPElement requestBodyElem = requestBody.addChildElement("IsHealthcareProfessional"); + SOAPElement requestBodyElem1 = requestBodyElem.addChildElement("bPK"); + // TODO fetch bpk_gh from somewhere + requestBodyElem1.addTextNode("bpk_gh"); + + requestMessage.saveChanges(); + // perform SOAP call + SOAPMessage responseMessage = soapConnection.call(requestMessage, destination); // parse SOAP response -- cgit v1.2.3 From 5dd5959e9ddd730452d0007fbf2c091d2c2506e1 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 26 Feb 2014 13:54:44 +0100 Subject: parse the SOAP response --- .../stork2/EHvdAttributeProviderPlugin.java | 143 +++++++++++++++++---- 1 file changed, 117 insertions(+), 26 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 42652464b..fdf0806b8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -1,10 +1,13 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import java.io.StringWriter; import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.soap.MessageFactory; import javax.xml.soap.SOAPBody; @@ -14,6 +17,12 @@ import javax.xml.soap.SOAPElement; import javax.xml.soap.SOAPEnvelope; import javax.xml.soap.SOAPMessage; import javax.xml.soap.SOAPPart; +import javax.xml.transform.Result; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; import org.w3c.dom.Document; import org.w3c.dom.Element; @@ -58,13 +67,13 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { SOAPConnection soapConnection = SOAPConnectionFactory.newInstance().createConnection(); // assemble SOAP request - MessageFactory messageFactory = MessageFactory.newInstance(); - SOAPMessage requestMessage = messageFactory.createMessage(); - SOAPPart requestPart = requestMessage.getSOAPPart(); - - // (soap 1.1 relevant part. could not find a solution to use soap 1.2 in time. - requestMessage.getMimeHeaders().setHeader("SOAPAction", "http://gesundheit.gv.at/BAGDAD/DataAccessService/IsHealthcareProfessional"); - + MessageFactory messageFactory = MessageFactory.newInstance(); + SOAPMessage requestMessage = messageFactory.createMessage(); + SOAPPart requestPart = requestMessage.getSOAPPart(); + + // (soap 1.1 relevant part. could not find a solution to use soap 1.2 in time. + requestMessage.getMimeHeaders().setHeader("SOAPAction", "http://gesundheit.gv.at/BAGDAD/DataAccessService/IsHealthcareProfessional"); + /* Construct SOAP Request Message: @@ -74,34 +83,116 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { - + see https://stork.ehealth.gv.at/GDAService.asmx?op=IsHealthcareProfessional */ - // SOAP Envelope - SOAPEnvelope envelope = requestPart.getEnvelope(); + // SOAP Envelope + SOAPEnvelope envelope = requestPart.getEnvelope(); + + // SOAP Body + SOAPBody requestBody = envelope.getBody(); + SOAPElement requestBodyElem = requestBody.addChildElement("IsHealthcareProfessional"); + SOAPElement requestBodyElem1 = requestBodyElem.addChildElement("bPK"); + // TODO fetch bpk_gh from somewhere + requestBodyElem1.addTextNode("bpk_gh"); - // SOAP Body - SOAPBody requestBody = envelope.getBody(); - SOAPElement requestBodyElem = requestBody.addChildElement("IsHealthcareProfessional"); - SOAPElement requestBodyElem1 = requestBodyElem.addChildElement("bPK"); - // TODO fetch bpk_gh from somewhere - requestBodyElem1.addTextNode("bpk_gh"); + requestMessage.saveChanges(); - requestMessage.saveChanges(); - // perform SOAP call - SOAPMessage responseMessage = soapConnection.call(requestMessage, destination); - + SOAPMessage responseMessage = soapConnection.call(requestMessage, destination); + // parse SOAP response - - // assemble attribute - PersonalAttribute acquiredAttribute = new PersonalAttribute(); - + + /* + + + + + boolean + string + boolean + string + string + string + + + + + + see https://stork.ehealth.gv.at/GDAService.asmx?op=IsHealthcareProfessional + */ + SOAPBody responseBody = responseMessage.getSOAPBody(); + + // iterate through tree + SOAPElement responseElement = (SOAPElement) responseBody.getChildElements().next(); + SOAPElement resultElement = (SOAPElement) responseElement.getChildElements().next(); + SOAPElement tmp; + + // collect all info in a map + Iterator it = resultElement.getChildElements(); + Map collection = new HashMap(); + while (it.hasNext()) { + SOAPElement current = (SOAPElement) it.next(); + + collection.put(current.getNodeName(), current.getTextContent()); + + } + + // check if there is anything valid in the map + if (collection.isEmpty() || collection.size() != 6) { + // TODO report error + } + + // - fetch request validity + if (collection.get("RequestOK").equals("false")) { + // TODO report error + } + + PersonalAttribute acquiredAttribute = null; + + if (collection.get("IsHealthcareProfessional").equals("false")) { + // the citizen is no HCP + acquiredAttribute = new PersonalAttribute("isHCP", false, new ArrayList(), "NotAvailable"); + } else { + // go on and parse the data + + Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); + + Element orgname = doc.createElement("nameOfOrganisation"); + orgname.appendChild(doc.createTextNode(collection.get("NameOfOrganization"))); + doc.appendChild(orgname); + + Element type = doc.createElement("HCP"); + // TODO fix value mapping + if (collection.get("Type").equals("Medical Doctors")) + type.appendChild(doc.createTextNode("D")); + doc.appendChild(type); + + Element specialization = doc.createElement("specialisation"); + // TODO fix value mapping + specialization.appendChild(doc.createTextNode(collection.get("Specialization").substring(0, 2))); + doc.appendChild(specialization); + + // get string from dom tree + Source source = new DOMSource(doc); + StringWriter out = new StringWriter(); + Result result = new StreamResult(out); + + TransformerFactory tFactory = TransformerFactory.newInstance(); + Transformer transformer = tFactory.newTransformer(); + transformer.transform(source, result); + + ArrayList value = new ArrayList(); + value.add(out.toString()); + + acquiredAttribute = new PersonalAttribute("isHCP", false, value, "Available"); + } + // pack and return the result PersonalAttributeList result = new PersonalAttributeList(); result.add(acquiredAttribute); - + return result; } catch (Exception e) { // TODO in case of an error, we might want to inform someone somehow different than by just saying nothing -- cgit v1.2.3 From 02800dff9580924a9b912ca9f2ff56c9a40d2152 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 26 Feb 2014 14:06:36 +0100 Subject: error handling --- .../moa/id/protocols/stork2/AttributeCollector.java | 3 +++ .../moa/id/protocols/stork2/AttributeProvider.java | 2 +- .../id/protocols/stork2/EHvdAttributeProviderPlugin.java | 15 ++++++++------- 3 files changed, 12 insertions(+), 8 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 937f6da74..f36232eb9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -113,6 +113,9 @@ public class AttributeCollector implements IAction { container.getResponse().getPersonalAttributeList().add(current); } catch(UnsupportedAttributeException e) { // ok, try the next attributeprovider + } catch(MOAIDException e) { + // the current plugin had an error. Try the next one. + // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index adf57d77b..9e6cba923 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -25,7 +25,7 @@ public interface AttributeProvider { * @throws UnsupportedAttributeException the unsupported attribute exception * @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done */ - public IPersonalAttributeList acquire(PersonalAttribute attributes) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException; + public IPersonalAttributeList acquire(PersonalAttribute attributes) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; /** * Perform redirect. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index fdf0806b8..474dcb8fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -29,6 +29,7 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -56,8 +57,8 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { @Override public IPersonalAttributeList acquire(PersonalAttribute attributes) throws UnsupportedAttributeException, - ExternalAttributeRequestRequiredException { - + ExternalAttributeRequestRequiredException, MOAIDException { + // break when we cannot handle the requested attribute if(!attributes.getFriendlyName().equals("isHCP")) throw new UnsupportedAttributeException(); @@ -136,17 +137,18 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { SOAPElement current = (SOAPElement) it.next(); collection.put(current.getNodeName(), current.getTextContent()); - } // check if there is anything valid in the map if (collection.isEmpty() || collection.size() != 6) { - // TODO report error + Logger.warn("eHVD returned an unexpected count of values. Expected 6 got " + collection.size()); + throw new IndexOutOfBoundsException("response attributes not like specified"); } // - fetch request validity if (collection.get("RequestOK").equals("false")) { - // TODO report error + Logger.warn("eHVD reported an invalid request. The error message is: " + collection.get("Message")); + throw new Exception("eHVD reported an invalid request"); } PersonalAttribute acquiredAttribute = null; @@ -195,8 +197,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { return result; } catch (Exception e) { - // TODO in case of an error, we might want to inform someone somehow different than by just saying nothing - return null; + throw new MOAIDException("stork.13", new Object[] { e }); } } -- cgit v1.2.3 From 03952b60036874105f8d5575ca2d06594e70c759 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 26 Feb 2014 15:05:27 +0100 Subject: use appropriate PK in eHVD AP plugin --- .../gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java | 6 +++--- .../gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java | 5 ++++- .../moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java | 3 ++- .../moa/id/protocols/stork2/DemoRedirectAttributeProvider.java | 3 ++- .../moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java | 7 +++---- .../moa/id/protocols/stork2/StorkAttributeRequestProvider.java | 3 ++- 6 files changed, 16 insertions(+), 11 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index f36232eb9..b7fa37757 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -79,7 +79,7 @@ public class AttributeCollector implements IAction { container.getResponse().getPersonalAttributeList().add(current); // see if we need some more attributes - return processRequest(container, httpReq, httpResp, oaParam); + return processRequest(container, httpReq, httpResp, moasession, oaParam); } /** @@ -90,7 +90,7 @@ public class AttributeCollector implements IAction { * @return the string * @throws MOAIDException */ - public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException { + public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { // check if there are attributes we need to fetch IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); @@ -106,7 +106,7 @@ public class AttributeCollector implements IAction { for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { try { // - hand over control to the suitable plugin - IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute); + IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); // - add the aquired attribute to the container for(PersonalAttribute current : aquiredAttributes) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index 9e6cba923..59376fef6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -21,11 +22,13 @@ public interface AttributeProvider { * the response. * * @param attributes the list of attributes to be acquired + * @param moasession the moasession * @return the personal attribute * @throws UnsupportedAttributeException the unsupported attribute exception * @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done + * @throws MOAIDException the mOAID exception */ - public IPersonalAttributeList acquire(PersonalAttribute attributes) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; + public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; /** * Perform redirect. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java index e6f340c77..669a9389b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -5,6 +5,7 @@ import java.util.ArrayList; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import eu.stork.peps.auth.commons.IPersonalAttributeList; @@ -20,7 +21,7 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ @Override - public IPersonalAttributeList acquire(PersonalAttribute attributeName) + public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession) throws UnsupportedAttributeException { PersonalAttributeList requestedAttributes = new PersonalAttributeList(1); requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList(), "")); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java index 5d4336149..2f6b69075 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -5,6 +5,7 @@ import java.util.ArrayList; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import eu.stork.peps.auth.commons.IPersonalAttributeList; @@ -20,7 +21,7 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ @Override - public IPersonalAttributeList acquire(PersonalAttribute attributeName) + public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { throw new ExternalAttributeRequestRequiredException(this); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 474dcb8fa..8b96e0d10 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -27,6 +27,7 @@ import javax.xml.transform.stream.StreamResult; import org.w3c.dom.Document; import org.w3c.dom.Element; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.logging.Logger; @@ -55,7 +56,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) */ @Override - public IPersonalAttributeList acquire(PersonalAttribute attributes) + public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { @@ -95,8 +96,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { SOAPBody requestBody = envelope.getBody(); SOAPElement requestBodyElem = requestBody.addChildElement("IsHealthcareProfessional"); SOAPElement requestBodyElem1 = requestBodyElem.addChildElement("bPK"); - // TODO fetch bpk_gh from somewhere - requestBodyElem1.addTextNode("bpk_gh"); + requestBodyElem1.addTextNode(moasession.getIdentityLink().getIdentificationValue()); requestMessage.saveChanges(); @@ -128,7 +128,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { // iterate through tree SOAPElement responseElement = (SOAPElement) responseBody.getChildElements().next(); SOAPElement resultElement = (SOAPElement) responseElement.getChildElements().next(); - SOAPElement tmp; // collect all info in a map Iterator it = resultElement.getChildElements(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index 3c689cac9..bd6f192dc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -8,6 +8,7 @@ import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -47,7 +48,7 @@ public class StorkAttributeRequestProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ @Override - public IPersonalAttributeList acquire(PersonalAttribute attribute) + public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { requestedAttributes = new PersonalAttributeList(1); requestedAttributes.add(attribute); -- cgit v1.2.3 From caee81b311e93720d4c1fe2b3de22cdcbb0fe74d Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 26 Feb 2014 16:32:48 +0100 Subject: config --- .../id/protocols/stork2/AuthenticationRequest.java | 55 ++++++++++++---------- 1 file changed, 31 insertions(+), 24 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 6ef85d7ae..db3e12f43 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -4,6 +4,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; @@ -64,7 +65,7 @@ public class AuthenticationRequest implements IAction { Logger.debug("STORK QAA 2 :" + ((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getQAALevel()); StartAuthResponse startAuthResponse = getStartAuthResponse(((MOASTORKAuthnRequest) req).getStorkAuthnRequest()); - HttpSession httpSession = httpReq.getSession(); + HttpSession httpSession = httpReq.getSession(); performRed httpSession.setAttribute("STORKSessionID", "12345"); httpResp.setStatus(startAuthResponse.getHttpStatusCode()); try { @@ -102,12 +103,37 @@ public class AuthenticationRequest implements IAction { throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); + // Prepare basic AT attributes + try { + IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); + Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); + + + for (PersonalAttribute personalAttribute : moaAttrList) { + Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); + if (personalAttribute.getValue().size() > 0) { + for (String value : personalAttribute.getValue()) { + Logger.info(" Value found: " + value); + } + } + } + + } catch (Exception e) { + Logger.error("Exception, attributes: " + e.getMessage()); + } + + authnResponse.setPersonalAttributeList(populateAttributes()); + + // Prepare extended attributes + Logger.debug("Preparing data container"); + //httpResp.setStatus(200); //VPEPSInboundPostHandler // create fresh container DataContainer container = new DataContainer(); - + + // - fill in the request we extracted above container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest()); @@ -118,39 +144,20 @@ public class AuthenticationRequest implements IAction { container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + Logger.debug("Data container prepared"); - if (1==1) // test + if (1==0) // test // see if we need to fetch further attributes return (new AttributeCollector()).processRequest(container, httpReq, httpResp, oaParam); + Logger.debug("Finished sending data container"); - - try { - IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); - Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); - - - for (PersonalAttribute personalAttribute : moaAttrList) { - Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); - if (personalAttribute.getValue().size() > 0) { - for (String value : personalAttribute.getValue()) { - Logger.info(" Value found: " + value); - } - } - } - - } catch (Exception e) { - Logger.error("Exception, attributes: " + e.getMessage()); - } - - authnResponse.setPersonalAttributeList(populateAttributes()); - try { //Get SAMLEngine instance STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); -- cgit v1.2.3 From 11e26b97a643704f17f34e7424269325ed51472d Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 26 Feb 2014 17:21:59 +0100 Subject: adjusting attribute collector --- .../id/protocols/stork2/AttributeCollector.java | 333 +++++++++++++-------- .../id/protocols/stork2/AuthenticationRequest.java | 149 +-------- .../moa/id/protocols/stork2/DataContainer.java | 14 +- .../stork2/StorkAttributeRequestProvider.java | 3 - 4 files changed, 215 insertions(+), 284 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index fcef1487e..bc5a0c0c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -1,11 +1,9 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import java.util.ArrayList; -import java.util.List; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -13,169 +11,240 @@ import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.commons.io.IOUtils; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; - -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; +import javax.servlet.http.HttpSession; +import java.io.IOException; +import java.io.StringWriter; +import java.util.ArrayList; +import java.util.List; /** * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins. * The class is called whenever the {@link AuthenticationRequest} Action is invoked and checks for missing attributes. * Furthermore, the class can handle direct posts. That is when the class triggers an attribute query which needs user * interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes. - * + *

* TODO how do we treat mandatory and optional attributes? - * */ public class AttributeCollector implements IAction { - - /** The Constant ARTIFACT_ID. */ - private static final String ARTIFACT_ID = "artifactId"; - + + /** + * The Constant ARTIFACT_ID. + */ + private static final String ARTIFACT_ID = "artifactId"; + private DataContainer container; + private HttpServletResponse httpResp; + + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) */ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { - // read configuration parameters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); - - // find the attribute provider plugin that can handle the response - IPersonalAttributeList newAttributes = null; - for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) - try { - newAttributes = current.parse(httpReq); - } catch (UnsupportedAttributeException e1) { - // the current provider cannot find anything familiar within the - // provided httpreq. Try the next one. - } - - if (null == newAttributes) { - // we do not have a provider which is capable of fetching something - // from the received httpreq. - // TODO should we continue with the next attribute? - Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); - throw new MOAIDException("stork.11", null); - } - - // - fetch the container - String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); - DataContainer container; - try { - container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); - } catch (MOADatabaseException e) { - Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); - throw new MOAIDException("stork.11", null); - } - - // - insert the embedded attribute(s) into the container - for(PersonalAttribute current : newAttributes) - container.getResponse().getPersonalAttributeList().add(current); - - // see if we need some more attributes - return processRequest(container, httpReq, httpResp, moasession, oaParam); + this.httpResp = httpResp; + + // read configuration parameters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + + // find the attribute provider plugin that can handle the response + IPersonalAttributeList newAttributes = null; + for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) + try { + newAttributes = current.parse(httpReq); + } catch (UnsupportedAttributeException e1) { + // the current provider cannot find anything familiar within the + // provided httpreq. Try the next one. + } + + if (null == newAttributes) { + // we do not have a provider which is capable of fetching something + // from the received httpreq. + // TODO should we continue with the next attribute? + Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); + throw new MOAIDException("stork.11", null); + } + + // - fetch the container + String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); + DataContainer container; + try { + container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); + } catch (MOADatabaseException e) { + Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); + throw new MOAIDException("stork.11", null); + } + + // - insert the embedded attribute(s) into the container + for (PersonalAttribute current : newAttributes) + container.getResponse().getPersonalAttributeList().add(current); + + // see if we need some more attributes + return processRequest(container, httpReq, httpResp, moasession, oaParam); } - + /** * Checks if there are missing attributes and tries to fetch them. If there are no more attribute to fetch, * this very method creates and sends the protocol result to the asking S-PEPS. * * @param container the {@link DataContainer} representing the status of the overall query. * @return the string - * @throws MOAIDException + * @throws MOAIDException */ public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { - // check if there are attributes we need to fetch - IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); - IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); - List missingAttributes = new ArrayList(); - for(PersonalAttribute current : requestAttributeList) - if(!responseAttributeList.containsKey(current)) - missingAttributes.add(current); - - try { - // for each attribute still missing - for(PersonalAttribute currentAttribute : missingAttributes) { - // - check if we can find a suitable AttributeProvider Plugin - for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { - try { - // - hand over control to the suitable plugin - IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); - - // - add the aquired attribute to the container - for(PersonalAttribute current : aquiredAttributes) - container.getResponse().getPersonalAttributeList().add(current); - } catch(UnsupportedAttributeException e) { - // ok, try the next attributeprovider - } catch(MOAIDException e) { - // the current plugin had an error. Try the next one. - // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop - } - - } - } - } catch (ExternalAttributeRequestRequiredException e) { - // the attribute request is ongoing and requires an external service. - try { - // memorize the container again - // - generate new key - String newArtifactId = new SecureRandomIdentifierGenerator() - .generateIdentifier(); /* - Logger.debug("STORK QAA 2 :" + ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getQAALevel()); - StartAuthResponse startAuthResponse = getStartAuthResponse(((STORKAuthnRequestDEL) req).getStorkAuthnRequest()); - - HttpSession httpSession = httpReq.getSession(); - httpSession.setAttribute("STORKSessionID", "12345"); - httpResp.setStatus(startAuthResponse.getHttpStatusCode()); - try { - ServletOutputStream os = httpResp.getOutputStream(); - String html = new String(startAuthResponse.getContent()); - - - if (html.contains(""); - html = html.substring(beginIndex + 9, endIndex); - startAuthResponse.setContent(html.getBytes()); - } - Logger.info("HTML : " + html); + // check if there are attributes we need to fetch + this.httpResp = response; + this.container = container; + + IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); + IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); + List missingAttributes = new ArrayList(); + for (PersonalAttribute current : requestAttributeList) + if (!responseAttributeList.containsKey(current)) + missingAttributes.add(current); + + try { + // for each attribute still missing + for (PersonalAttribute currentAttribute : missingAttributes) { + // - check if we can find a suitable AttributeProvider Plugin + for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { + try { + // - hand over control to the suitable plugin + IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); + + // - add the aquired attribute to the container + for (PersonalAttribute current : aquiredAttributes) + container.getResponse().getPersonalAttributeList().add(current); + } catch (UnsupportedAttributeException e) { + // ok, try the next attributeprovider + } catch (MOAIDException e) { + // the current plugin had an error. Try the next one. + // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop + } - os.write(startAuthResponse.getContent()); - Logger.info("Response sent to client"); - } catch (IOException e) { - Logger.error("ERROR MOA"); - throw new MOAIDException("error response sending", new Object[]{}); + } + } + } catch (ExternalAttributeRequestRequiredException e) { + // the attribute request is ongoing and requires an external service. + try { + // memorize the container again + // - generate new key + String newArtifactId = new SecureRandomIdentifierGenerator() + .generateIdentifier(); + } catch (Exception e1) { + // TODO should we return the response as is to the PEPS? + Logger.error("Error putting incomplete Stork response into temporary storage", e); + throw new MOAIDException("stork.11", null); } - //httpSession.setAttribute("CCC", ccc); - - */ - } catch (Exception e1) { - // TODO should we return the response as is to the PEPS? - Logger.error("Error putting incomplete Stork response into temporary storage", e); - throw new MOAIDException("stork.11", null); - } - - return "12345"; // TODO what to do here? - } - // build response - // done - return "12345"; // AssertionId + + return "12345"; // TODO what to do here? + } + + // build response + generateSTORKResponse(); + + // set new http response + generateRedirectResponse(); + response = httpResp; + + return "12345"; // AssertionId + } + + + private void generateSTORKResponse() throws MOAIDException { + STORKAuthnResponse authnResponse = container.getResponse(); + STORKAuthnRequest authnRequest = container.getRequest(); + + try { + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("vidp"); + Logger.debug("Starting generation of SAML response"); + authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false); + + //generateSAML Token + Logger.info("SAML response succesfully generated!"); + } catch (STORKSAMLEngineException e) { + Logger.error("Failed to generate STORK SAML Response", e); + throw new MOAIDException("stork.05", null); + } + + Logger.info("STORK SAML Response message succesfully generated "); + String statusCodeValue = authnResponse.getStatusCode(); + + try { + Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); + Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works + Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + + } catch (IOException e) { + e.printStackTrace(); + } + + container.setResponse(authnResponse); + + } + + + private void generateRedirectResponse() { + STORKAuthnResponse authnResponse = container.getResponse(); + STORKAuthnRequest authnRequest = container.getRequest(); + + + // preparing redirection for the client + + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); + VelocityContext context = new VelocityContext(); + + context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + + Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL()); + context.put("action", authnRequest.getAssertionConsumerServiceURL()); + Logger.debug("Starting template merge"); + StringWriter writer = new StringWriter(); + + Logger.debug("Doing template merge"); + template.merge(context, writer); + Logger.debug("Template merge done"); + + Logger.debug("Sending html content: " + writer.getBuffer().toString()); + Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); + + + httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); + + } catch (Exception e) { + Logger.error("Velocity error: " + e.getMessage()); + } + + //HttpSession httpSession = this.httpResp.getSession(); + //httpSession.setAttribute("STORKSessionID", "12345"); + //Logger.info("Status code again: " + authnResponse.getStatusCode()); + + //return "12345"; // AssertionId } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { - // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action. + // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action. return false; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index db3e12f43..b3f009ae2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -59,41 +59,6 @@ public class AuthenticationRequest implements IAction { Logger.debug("Remote user: " + httpReq.getRemoteAddr()); Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget()); httpResp.reset(); - //httpResp.addHeader("Location", "http:/www.google.com"); - if (req instanceof MOASTORKAuthnRequest) { - /* - Logger.debug("STORK QAA 2 :" + ((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getQAALevel()); - StartAuthResponse startAuthResponse = getStartAuthResponse(((MOASTORKAuthnRequest) req).getStorkAuthnRequest()); - - HttpSession httpSession = httpReq.getSession(); performRed - httpSession.setAttribute("STORKSessionID", "12345"); - httpResp.setStatus(startAuthResponse.getHttpStatusCode()); - try { - ServletOutputStream os = httpResp.getOutputStream(); - String html = new String(startAuthResponse.getContent()); - - - if (html.contains(""); - html = html.substring(beginIndex + 9, endIndex); - startAuthResponse.setContent(html.getBytes()); - } - Logger.info("HTML : " + html); - - os.write(startAuthResponse.getContent()); - Logger.info("Response sent to client"); - } catch (IOException e) { - Logger.error("ERROR MOA"); - throw new MOAIDException("error response sending", new Object[]{}); - } - //httpSession.setAttribute("CCC", ccc); - - */ - } STORKAuthnResponse authnResponse = new STORKAuthnResponse(); authnResponse.setCountry("AT"); @@ -122,18 +87,15 @@ public class AuthenticationRequest implements IAction { Logger.error("Exception, attributes: " + e.getMessage()); } + // Get personal attributtes from MOA/IdentityLink authnResponse.setPersonalAttributeList(populateAttributes()); // Prepare extended attributes Logger.debug("Preparing data container"); - //httpResp.setStatus(200); - //VPEPSInboundPostHandler - // create fresh container DataContainer container = new DataContainer(); - // - fill in the request we extracted above container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest()); @@ -146,90 +108,8 @@ public class AuthenticationRequest implements IAction { Logger.debug("Data container prepared"); + return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); - if (1==0) // test - // see if we need to fetch further attributes - return (new AttributeCollector()).processRequest(container, httpReq, httpResp, oaParam); - - Logger.debug("Finished sending data container"); - - - - - - - try { - //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); - Logger.debug("Starting generation of SAML response"); - authnResponse = engine.generateSTORKAuthnResponse(((MOASTORKAuthnRequest)req).getStorkAuthnRequest(),authnResponse,httpReq.getRemoteAddr(),false); - //generateSAML Token - Logger.info("SAML response succesfully generated!"); - }catch(STORKSAMLEngineException e){ - Logger.error("Failed to generate STORK SAML Response", e); - throw new MOAIDException("stork.05", null); - } - - Logger.info("STORK SAML Response message succesfully generated "); - Logger.debug("STORK response: "); - - Logger.debug("authn response string: " + authnResponse.toString()); - - String statusCodeValue = authnResponse.getStatusCode(); - Logger.debug("authn status code value: " + statusCodeValue); - - try { - Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); - Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works - Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); - - } catch (IOException e) { - e.printStackTrace(); - } - - // preparing redirection for the client - - try { - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); - VelocityContext context = new VelocityContext(); - //Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.decode(context.get("SAMLResponse").toString())); - - //context.put("SAMLResponse", IOUtils.toString(authnResponse.getTokenSaml())); - - context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); - Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); - //Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.encode(context.get("SAMLResponse").toString().getBytes())); - - Logger.debug("Putting assertion consumer url as action: " + ((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); - context.put("action", ((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); - Logger.debug("Starting template merge"); - StringWriter writer = new StringWriter(); - //PrintWriter pwriter = new StringWriter(); - - Logger.debug("Doing template merge"); - template.merge(context, writer); - Logger.debug("Template merge done"); - - Logger.debug("Sending html content: " + writer.getBuffer().toString()); - Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); - - - - httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); - - } catch (Exception e) { - Logger.error("Velocity error: " + e.getMessage()); - } - - HttpSession httpSession = httpReq.getSession(); - httpSession.setAttribute("STORKSessionID", "12345"); - Logger.info("Status code again: " + authnResponse.getStatusCode()); - - - - - return "12345"; // AssertionId } public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { @@ -249,42 +129,17 @@ public class AuthenticationRequest implements IAction { try { for (PersonalAttribute personalAttribute : attrLst) { Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired()); - moaAttributeProvider.populateAttribute(attributeList, personalAttribute); - - // if ("givenName".equals(personalAttribute.getName())) { - // Logger.debug("Providing new attribute: " + personalAttribute.getName()); - // PersonalAttribute newAttribute = new PersonalAttribute(); - // newAttribute.setName("givenName"); - // newAttribute.setValue(new ArrayList(Collections.singletonList(moaSession.getIdentityLink().getGivenName()))); - // attributeList.add(newAttribute); - // } - } } catch (Exception e) { Logger.error("Exception, attributes: " + e.getMessage()); } - Logger.debug("AUTHBLOCK " + moaSession.getAuthBlock()); Logger.debug("TARGET " + moaSession.getTarget() + " " + moaSession.getTargetFriendlyName()); - - Logger.debug("SESSION IDENTIFIER " + moaSession.getCcc() + " " + moaSession.getDomainIdentifier()); - - Logger.debug("AUTHBLOCKTOKKEN" + moaSession.getAuthBlockTokken()); - // moaAttributeProvider.populateAttribute(attributeList, personalAttribute.getName()); - - // moaAttributeProvider.populateAttribute(attributeList, "givenName"); - - // moaAttributeProvider.populateAttribute(attributeList, "surname"); - - // moaAttributeProvider.populateAttribute(attributeList, "xxname"); - - // moaAttributeProvider.populateAttribute(attributeList, "dateOfBirth"); - return attributeList; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java index 40c827ef8..44ad0000a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java @@ -22,8 +22,9 @@ public class DataContainer implements Serializable { /** The target. */ private String target; - - /** + private String remoteAddress; + + /** * Gets the request. * * @return the request @@ -76,4 +77,13 @@ public class DataContainer implements Serializable { public void setTarget(String target) { this.target = target; } + + /* + Sets IP address + */ + public void setRemoteAddress(String address) { this.remoteAddress = address; } + public String getRemoteAddress() { + return this.remoteAddress; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index bd6f192dc..4314e666e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -47,7 +47,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ - @Override public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { requestedAttributes = new PersonalAttributeList(1); @@ -58,7 +57,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ - @Override public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException { Logger.debug("Beginning to extract SAMLResponse out of HTTP Request"); @@ -91,7 +89,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) */ - @Override public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { String spSector = "Business"; -- cgit v1.2.3 From 27b4ca05aeac39b0a180a13e44ed354e80fb47dd Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 26 Feb 2014 19:28:55 +0100 Subject: attribute collector --- .../id/protocols/stork2/AttributeCollector.java | 30 ++++++++++++++++------ .../id/protocols/stork2/AuthenticationRequest.java | 2 ++ 2 files changed, 24 insertions(+), 8 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index bc5a0c0c6..57c68e94c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -69,6 +69,7 @@ public class AttributeCollector implements IAction { } catch (UnsupportedAttributeException e1) { // the current provider cannot find anything familiar within the // provided httpreq. Try the next one. + // TODO check the loop } if (null == newAttributes) { @@ -89,6 +90,8 @@ public class AttributeCollector implements IAction { throw new MOAIDException("stork.11", null); } + + // - insert the embedded attribute(s) into the container for (PersonalAttribute current : newAttributes) container.getResponse().getPersonalAttributeList().add(current); @@ -117,6 +120,7 @@ public class AttributeCollector implements IAction { if (!responseAttributeList.containsKey(current)) missingAttributes.add(current); + // Try to get all missing attributes try { // for each attribute still missing for (PersonalAttribute currentAttribute : missingAttributes) { @@ -138,6 +142,16 @@ public class AttributeCollector implements IAction { } } + + // build response + generateSTORKResponse(); + + // set new http response + generateRedirectResponse(); + response = httpResp; + + return "12345"; // AssertionId + } catch (ExternalAttributeRequestRequiredException e) { // the attribute request is ongoing and requires an external service. try { @@ -145,6 +159,13 @@ public class AttributeCollector implements IAction { // - generate new key String newArtifactId = new SecureRandomIdentifierGenerator() .generateIdentifier(); + // - put container in temporary store. + AssertionStorage.getInstance().put(newArtifactId, container); + + // add container-key to redirect embedded within the return URL + e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); + + } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); @@ -154,14 +175,7 @@ public class AttributeCollector implements IAction { return "12345"; // TODO what to do here? } - // build response - generateSTORKResponse(); - - // set new http response - generateRedirectResponse(); - response = httpResp; - return "12345"; // AssertionId } @@ -171,7 +185,7 @@ public class AttributeCollector implements IAction { try { //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("vidp"); + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); Logger.debug("Starting generation of SAML response"); authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index b3f009ae2..d4996c26a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -105,6 +105,8 @@ public class AuthenticationRequest implements IAction { // - memorize the target url were we have to return the result container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + container.setRemoteAddress(httpReq.getRemoteAddr()); + Logger.debug("Data container prepared"); -- cgit v1.2.3 From ce0962d20a720e6c16adfd89ee8d71639d65dd52 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 27 Feb 2014 14:32:30 +0100 Subject: build stork euid --- .../moa/id/auth/builder/BPKBuilder.java | 196 +++++++++++++-------- .../id/protocols/stork2/AuthenticationRequest.java | 13 +- 2 files changed, 136 insertions(+), 73 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index bd87737ed..fd8f3f875 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -2,19 +2,19 @@ * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * + * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works @@ -46,91 +46,143 @@ package at.gv.egovernment.moa.id.auth.builder; -import java.security.MessageDigest; - import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; +import java.security.MessageDigest; + /** * Builder for the bPK, as defined in * "Ableitung f¨r die bereichsspezifische Personenkennzeichnung" * version 1.0.1 from "reference.e-government.gv.at". - * + * * @author Paul Schamberger * @version $Id$ */ public class BPKBuilder { - /** - * Builds the bPK from the given parameters. - * @param identificationValue Base64 encoded "Stammzahl" - * @param target "Bereich lt. Verordnung des BKA" - * @return bPK in a BASE64 encoding - * @throws BuildException if an error occurs on building the bPK - */ - public String buildBPK(String identificationValue, String target) - throws BuildException { - - if ((identificationValue == null || - identificationValue.length() == 0 || - target == null || - target.length() == 0)) - { - throw new BuildException("builder.00", - new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" + - identificationValue + ",target=" + target}); + /** + * Builds the bPK from the given parameters. + * + * @param identificationValue Base64 encoded "Stammzahl" + * @param target "Bereich lt. Verordnung des BKA" + * @return bPK in a BASE64 encoding + * @throws BuildException if an error occurs on building the bPK + */ + public String buildBPK(String identificationValue, String target) + throws BuildException { + + if ((identificationValue == null || + identificationValue.length() == 0 || + target == null || + target.length() == 0)) { + throw new BuildException("builder.00", + new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" + + identificationValue + ",target=" + target}); + } + String basisbegriff; + if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) + basisbegriff = identificationValue + "+" + target; + else + basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; + + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = Base64Utils.encode(hash); + return hashBase64; + } catch (Exception ex) { + throw new BuildException("builder.00", new Object[]{"bPK", ex.toString()}, ex); + } } - String basisbegriff; - if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) - basisbegriff = identificationValue + "+" + target; - else - basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; - - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); - String hashBase64 = Base64Utils.encode(hash); - return hashBase64; - } catch (Exception ex) { - throw new BuildException("builder.00", new Object[] {"bPK", ex.toString()}, ex); + + /** + * Builds the wbPK from the given parameters. + * + * @param identificationValue Base64 encoded "Stammzahl" + * @param registerAndOrdNr type of register + "+" + number in register. + * @return wbPK in a BASE64 encoding + * @throws BuildException if an error occurs on building the wbPK + */ + public String buildWBPK(String identificationValue, String registerAndOrdNr) + throws BuildException { + + if ((identificationValue == null || + identificationValue.length() == 0 || + registerAndOrdNr == null || + registerAndOrdNr.length() == 0)) { + throw new BuildException("builder.00", + new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" + + identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); + } + + String basisbegriff; + if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+")) + basisbegriff = identificationValue + "+" + registerAndOrdNr; + else + basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; + + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = Base64Utils.encode(hash); + return hashBase64; + } catch (Exception ex) { + throw new BuildException("builder.00", new Object[]{"wbPK", ex.toString()}, ex); + } } - } - - /** - * Builds the wbPK from the given parameters. - * @param identificationValue Base64 encoded "Stammzahl" - * @param registerAndOrdNr type of register + "+" + number in register. - * @return wbPK in a BASE64 encoding - * @throws BuildException if an error occurs on building the wbPK - */ - public String buildWBPK(String identificationValue, String registerAndOrdNr) - throws BuildException { - - if ((identificationValue == null || - identificationValue.length() == 0 || - registerAndOrdNr == null || - registerAndOrdNr.length() == 0)) - { - throw new BuildException("builder.00", - new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + - identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); + + /** + * Builds the wbPK from the given parameters. + * + * @param identificationValue Base64 encoded "Stammzahl" + * @param destinationCountry destination country code (2 chars) + * @return storkid in a BASE64 encoding + * @throws BuildException if an error occurs on building the wbPK + */ + public String buildStorkPK(String identificationValue, String destinationCountry) + throws BuildException { + return buildStorkPK(identificationValue, "AT", destinationCountry); } - - String basisbegriff; - if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+" )) - basisbegriff = identificationValue + "+" + registerAndOrdNr; - else - basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; - - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); - String hashBase64 = Base64Utils.encode(hash); - return hashBase64; - } catch (Exception ex) { - throw new BuildException("builder.00", new Object[] {"wbPK", ex.toString()}, ex); + + + /** + * Builds the wbPK from the given parameters. + * + * @param identificationValue Base64 encoded "Stammzahl" + * @param sourceCountry source country code (2 chars) + * @param destinationCountry destination country code (2 chars) + * @return storkid in a BASE64 encoding + * @throws BuildException if an error occurs on building the wbPK + */ + public String buildStorkPK(String identificationValue, String sourceCountry, String destinationCountry) + throws BuildException { + + if ((identificationValue == null || + identificationValue.length() == 0 || + destinationCountry == null || + destinationCountry.length() == 0 || + destinationCountry.length() != 2 || + sourceCountry == null || + sourceCountry.length() == 0 || + sourceCountry.length() != 2)) { + throw new BuildException("builder.00", + new Object[]{"storkid", "Unvollständige Parameterangaben: identificationValue=" + + identificationValue + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry}); + } + + String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry; + + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = Base64Utils.encode(hash); + return hashBase64; + } catch (Exception ex) { + throw new BuildException("builder.00", new Object[]{"storkid", ex.toString()}, ex); + } } - } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index d4996c26a..3288e064f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -10,6 +10,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; import edu.emory.mathcs.backport.java.util.Collections; import eu.stork.peps.auth.commons.*; @@ -29,6 +30,7 @@ import javax.servlet.http.HttpSession; import java.io.*; import java.util.HashMap; import eu.stork.peps.auth.engine.SAMLEngine; +import org.w3c.dom.Element; /** @@ -52,6 +54,15 @@ public class AuthenticationRequest implements IAction { this.moaSession = moasession; this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req; + MISMandate mandate = moasession.getMISMandate(); + String owbpk = mandate.getOWbPK(); + byte[] mand = mandate.getMandate(); + String profprep = mandate.getProfRep(); + //String textdesc = mandate.getTextualDescriptionOfOID(); + Element mndt = moasession.getMandate(); + + + Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); Logger.debug("Starting AuthenticationRequest"); //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); @@ -61,7 +72,7 @@ public class AuthenticationRequest implements IAction { httpResp.reset(); STORKAuthnResponse authnResponse = new STORKAuthnResponse(); - authnResponse.setCountry("AT"); + authnResponse.setCountry("EU"); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); if (oaParam == null) -- cgit v1.2.3 From 433e76b8b63b20a1d28f876f32a04f14342a9092 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 27 Feb 2014 15:14:32 +0100 Subject: integrating stork eidattribute --- .../at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java | 10 ++++------ .../moa/id/protocols/stork2/AuthenticationRequest.java | 8 ++++++-- .../moa/id/protocols/stork2/MOAAttributeProvider.java | 15 +++++++++++++-- 3 files changed, 23 insertions(+), 10 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index fd8f3f875..fc43d25e5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -141,9 +141,9 @@ public class BPKBuilder { * @return storkid in a BASE64 encoding * @throws BuildException if an error occurs on building the wbPK */ - public String buildStorkPK(String identificationValue, String destinationCountry) + public String buildStorkbPK(String identificationValue, String destinationCountry) throws BuildException { - return buildStorkPK(identificationValue, "AT", destinationCountry); + return buildStorkbPK(identificationValue, "AT", destinationCountry); } @@ -156,17 +156,15 @@ public class BPKBuilder { * @return storkid in a BASE64 encoding * @throws BuildException if an error occurs on building the wbPK */ - public String buildStorkPK(String identificationValue, String sourceCountry, String destinationCountry) + public String buildStorkbPK(String identificationValue, String sourceCountry, String destinationCountry) throws BuildException { if ((identificationValue == null || identificationValue.length() == 0 || destinationCountry == null || destinationCountry.length() == 0 || - destinationCountry.length() != 2 || sourceCountry == null || - sourceCountry.length() == 0 || - sourceCountry.length() != 2)) { + sourceCountry.length() == 0)) { throw new BuildException("builder.00", new Object[]{"storkid", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry}); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 3288e064f..6a2fe3bfc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -54,6 +54,7 @@ public class AuthenticationRequest implements IAction { this.moaSession = moasession; this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req; + try{ MISMandate mandate = moasession.getMISMandate(); String owbpk = mandate.getOWbPK(); byte[] mand = mandate.getMandate(); @@ -63,6 +64,7 @@ public class AuthenticationRequest implements IAction { Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); +} catch (Exception x) {} Logger.debug("Starting AuthenticationRequest"); //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); @@ -72,7 +74,9 @@ public class AuthenticationRequest implements IAction { httpResp.reset(); STORKAuthnResponse authnResponse = new STORKAuthnResponse(); - authnResponse.setCountry("EU"); + authnResponse.setCountry(((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getSpCountry()); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); if (oaParam == null) @@ -137,7 +141,7 @@ public class AuthenticationRequest implements IAction { // Define attribute list to be populated PersonalAttributeList attributeList = new PersonalAttributeList(); - MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink()); + MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkAuthnRequest); try { for (PersonalAttribute personalAttribute : attrLst) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index 414e383fa..190a0d27c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -1,6 +1,8 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -20,6 +22,7 @@ public class MOAAttributeProvider { private final IdentityLink identityLink; private static final Map storkAttributeSimpleMapping; private static final Map storkAttributeFunctionMapping; + private final MOASTORKAuthnRequest moastorkAuthnRequest; static { Map tempSimpleMap = new HashMap(); @@ -32,8 +35,9 @@ public class MOAAttributeProvider { storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap); } - public MOAAttributeProvider(IdentityLink identityLink) { + public MOAAttributeProvider(IdentityLink identityLink, MOASTORKAuthnRequest moastorkAuthnRequest) { this.identityLink = identityLink; + this.moastorkAuthnRequest = moastorkAuthnRequest; Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue()); } @@ -66,9 +70,16 @@ public class MOAAttributeProvider { } private String geteIdentifier() { - return "askdlaskdlaskdsds"; + Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry()); + try { + return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry()); + } catch (BuildException be) { + Logger.error("Stork eid could not be constructed; " + be.getMessage()); + return null; // TODO error + } } + private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) { try { String attributeValue = method.invoke(object, new Class[]{}).toString(); -- cgit v1.2.3 From 550177c54ce258715177a28f2d2d78812bf745fd Mon Sep 17 00:00:00 2001 From: Andreas Reiter Date: Thu, 27 Feb 2014 18:31:06 +0100 Subject: Added signeddoc attribute provider plugin --- .../moa/id/auth/AuthenticationServer.java | 2 +- .../id/protocols/stork2/AttributeCollector.java | 2 + .../stork2/DemoNoRedirectAttributeProvider.java | 3 - .../stork2/DemoRedirectAttributeProvider.java | 3 - .../stork2/EHvdAttributeProviderPlugin.java | 3 - .../stork2/SignedDocAttributeRequestProvider.java | 129 +++++++++++++++++++++ 6 files changed, 132 insertions(+), 10 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index ce5aa15c3..6f6d9611a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -125,7 +125,7 @@ import at.gv.util.xsd.srzgw.MISType; import at.gv.util.xsd.srzgw.MISType.Filters; import eu.stork.oasisdss.api.AdditionalProfiles; import eu.stork.oasisdss.api.ApiUtils; -import eu.stork.oasisdss.api.ApiUtilsException; +import eu.stork.oasisdss.api.exceptions.ApiUtilsException; import eu.stork.oasisdss.api.Profiles; import eu.stork.oasisdss.api.QualityLevels; import eu.stork.oasisdss.api.SignatureTypes; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 57c68e94c..288e71f58 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -133,6 +133,8 @@ public class AttributeCollector implements IAction { // - add the aquired attribute to the container for (PersonalAttribute current : aquiredAttributes) container.getResponse().getPersonalAttributeList().add(current); + //TODO: return after first AP + } catch (UnsupportedAttributeException e) { // ok, try the next attributeprovider } catch (MOAIDException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java index 669a9389b..9c0869d97 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -20,7 +20,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ - @Override public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession) throws UnsupportedAttributeException { PersonalAttributeList requestedAttributes = new PersonalAttributeList(1); @@ -31,7 +30,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ - @Override public IPersonalAttributeList parse(HttpServletRequest httpReq) { // TODO Auto-generated method stub return null; @@ -40,7 +38,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) { // we should not get here diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java index 2f6b69075..26fc00406 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -20,7 +20,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ - @Override public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { throw new ExternalAttributeRequestRequiredException(this); @@ -29,7 +28,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ - @Override public IPersonalAttributeList parse(HttpServletRequest httpReq) { PersonalAttributeList requestedAttributes = new PersonalAttributeList(1); requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList(), "")); @@ -39,7 +37,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) { // we should not get here diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 8b96e0d10..758b70f2d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -55,7 +55,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) */ - @Override public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { @@ -203,7 +202,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter) */ - @Override public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { @@ -213,7 +211,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ - @Override public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { // there is no redirect required, so we throw an exception when someone asks us to parse a response diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java new file mode 100644 index 000000000..e7cd87e85 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java @@ -0,0 +1,129 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.io.StringWriter; +import java.io.UnsupportedEncodingException; +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.codec.binary.Base64; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAttrQueryRequest; +import eu.stork.peps.auth.commons.STORKAttrQueryResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; + +/** + * Forwards a signedDoc attribute request to the oasis-dss service instance + */ +public class SignedDocAttributeRequestProvider implements AttributeProvider { + + private PersonalAttribute requestedAttribute; + + /** + * The URL of the service listening for the oasis dss webform post request + */ + private String oasisDssWebFormURL; + + /** + * Instantiates a new signed doc attribute request provider. + * + * @param oasisDssWebFormURL + * the AP location + */ + public SignedDocAttributeRequestProvider(String oasisDssWebFormURL) { + this.oasisDssWebFormURL = oasisDssWebFormURL; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java + * .lang.String) + */ + public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException, + ExternalAttributeRequestRequiredException { + requestedAttribute = attribute; + + throw new ExternalAttributeRequestRequiredException(this); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax + * .servlet.http.HttpServletRequest) + */ + public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException { + Logger.debug("Beginning to extract OASIS-DSS response out of HTTP Request"); + + + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + try { + String signResponse = new String(Base64.decodeBase64(httpReq.getParameter("signresponse")), "UTF8"); + List values = new ArrayList(); + values.add(signResponse); + + Logger.debug("Assembling signedDoc attribute"); + PersonalAttribute signedDocAttribute = new PersonalAttribute(requestedAttribute.getName(), requestedAttribute.isRequired(), values, + "Available"); + + // pack and return the result + PersonalAttributeList result = new PersonalAttributeList(); + result.add(signedDocAttribute); + return result; + } catch (UnsupportedEncodingException e) { + Logger.error("Failed to assemble signedDoc attribute"); + throw new MOAIDException("stork.05", null); + } + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect + * (java.lang.String) + */ + public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) + throws MOAIDException { + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm"); + VelocityContext context = new VelocityContext(); + context.put("signrequest", Base64.encodeBase64String(requestedAttribute.getValue().get(0).getBytes("UTF8"))); + context.put("action", oasisDssWebFormURL); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e) { + Logger.error("Error sending STORK SAML AttrRequest.", e); + throw new MOAIDException("stork.11", null); + } + } + +} -- cgit v1.2.3 From a949aceb20f55adad0dc797eba42c00f8d026fe1 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 27 Feb 2014 18:53:42 +0100 Subject: auth --- .../moa/id/auth/builder/BPKBuilder.java | 4 ++-- .../id/protocols/stork2/AuthenticationRequest.java | 28 +++++++++++++++------- 2 files changed, 21 insertions(+), 11 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index fc43d25e5..226d05520 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -134,7 +134,7 @@ public class BPKBuilder { } /** - * Builds the wbPK from the given parameters. + * Builds the storkeid from the given parameters. * * @param identificationValue Base64 encoded "Stammzahl" * @param destinationCountry destination country code (2 chars) @@ -148,7 +148,7 @@ public class BPKBuilder { /** - * Builds the wbPK from the given parameters. + * Builds the storkeid from the given parameters. * * @param identificationValue Base64 encoded "Stammzahl" * @param sourceCountry source country code (2 chars) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 6a2fe3bfc..e10c4d9d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -31,6 +31,7 @@ import java.io.*; import java.util.HashMap; import eu.stork.peps.auth.engine.SAMLEngine; import org.w3c.dom.Element; +import org.w3c.dom.NamedNodeMap; /** @@ -54,17 +55,18 @@ public class AuthenticationRequest implements IAction { this.moaSession = moasession; this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req; - try{ - MISMandate mandate = moasession.getMISMandate(); - String owbpk = mandate.getOWbPK(); - byte[] mand = mandate.getMandate(); - String profprep = mandate.getProfRep(); - //String textdesc = mandate.getTextualDescriptionOfOID(); - Element mndt = moasession.getMandate(); + try { + MISMandate mandate = moasession.getMISMandate(); + String owbpk = mandate.getOWbPK(); + byte[] mand = mandate.getMandate(); + String profprep = mandate.getProfRep(); + //String textdesc = mandate.getTextualDescriptionOfOID(); + Element mndt = moasession.getMandate(); - Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); -} catch (Exception x) {} + iterate(mndt.getAttributes()); + Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); + } catch (Exception x) {} Logger.debug("Starting AuthenticationRequest"); //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); @@ -134,6 +136,14 @@ public class AuthenticationRequest implements IAction { } + private void iterate(NamedNodeMap attributesList) { + for (int j = 0; j < attributesList.getLength(); j++) { + Logger.debug("--Attribute: " + + attributesList.item(j).getNodeName() + " = " + + attributesList.item(j).getNodeValue()); + } } + + public PersonalAttributeList populateAttributes() { IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList(); -- cgit v1.2.3 From a04189917f59dcc532e088ad366da67e31f62ffd Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 28 Feb 2014 12:03:28 +0100 Subject: url fix, attribute comparison fix, samlengine profile fix --- .../id/protocols/stork2/AttributeCollector.java | 194 +++++++++++++++------ .../moa/id/protocols/stork2/STORKProtocol.java | 2 +- 2 files changed, 143 insertions(+), 53 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index b7fa37757..7801f9a54 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -91,59 +91,149 @@ public class AttributeCollector implements IAction { * @throws MOAIDException */ public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { - // check if there are attributes we need to fetch - IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); - IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); - List missingAttributes = new ArrayList(); - for(PersonalAttribute current : requestAttributeList) - if(!responseAttributeList.containsKey(current)) - missingAttributes.add(current); - - try { - // for each attribute still missing - for(PersonalAttribute currentAttribute : missingAttributes) { - // - check if we can find a suitable AttributeProvider Plugin - for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { - try { - // - hand over control to the suitable plugin - IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); - - // - add the aquired attribute to the container - for(PersonalAttribute current : aquiredAttributes) - container.getResponse().getPersonalAttributeList().add(current); - } catch(UnsupportedAttributeException e) { - // ok, try the next attributeprovider - } catch(MOAIDException e) { - // the current plugin had an error. Try the next one. - // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop - } - - } - } - } catch (ExternalAttributeRequestRequiredException e) { - // the attribute request is ongoing and requires an external service. - try { - // memorize the container again - // - generate new key - String newArtifactId = new SecureRandomIdentifierGenerator() - .generateIdentifier(); - - // - put container in temporary store. - AssertionStorage.getInstance().put(newArtifactId, container); - - // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); - } catch (Exception e1) { - // TODO should we return the response as is to the PEPS? - Logger.error("Error putting incomplete Stork response into temporary storage", e); - throw new MOAIDException("stork.11", null); - } + // check if there are attributes we need to fetch + this.httpResp = response; + this.container = container; + + IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); + IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); + List missingAttributes = new ArrayList(); + for (PersonalAttribute current : requestAttributeList) + if (!responseAttributeList.containsKey(current.getName())) + missingAttributes.add(current); + + // Try to get all missing attributes + try { + // for each attribute still missing + for (PersonalAttribute currentAttribute : missingAttributes) { + // - check if we can find a suitable AttributeProvider Plugin + for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { + try { + // - hand over control to the suitable plugin + IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); + + // - add the aquired attribute to the container + for (PersonalAttribute current : aquiredAttributes) + container.getResponse().getPersonalAttributeList().add(current); + } catch (UnsupportedAttributeException e) { + // ok, try the next attributeprovider + } catch (MOAIDException e) { + // the current plugin had an error. Try the next one. + // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop + } + + } + } + + // build response + generateSTORKResponse(); + + // set new http response + generateRedirectResponse(); + response = httpResp; + + return "12345"; // AssertionId + + } catch (ExternalAttributeRequestRequiredException e) { + // the attribute request is ongoing and requires an external service. + try { + // memorize the container again + // - generate new key + String newArtifactId = new SecureRandomIdentifierGenerator() + .generateIdentifier(); + // - put container in temporary store. + AssertionStorage.getInstance().put(newArtifactId, container); + + // add container-key to redirect embedded within the return URL + e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); + + + } catch (Exception e1) { + // TODO should we return the response as is to the PEPS? + Logger.error("Error putting incomplete Stork response into temporary storage", e); + throw new MOAIDException("stork.11", null); + } + + return "12345"; // TODO what to do here? + } - return "12345"; // TODO what to do here? - } - // build response - // done - return "12345"; // AssertionId + + } + + + private void generateSTORKResponse() throws MOAIDException { + STORKAuthnResponse authnResponse = container.getResponse(); + STORKAuthnRequest authnRequest = container.getRequest(); + + try { + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + Logger.debug("Starting generation of SAML response"); + authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false); + + //generateSAML Token + Logger.info("SAML response succesfully generated!"); + } catch (STORKSAMLEngineException e) { + Logger.error("Failed to generate STORK SAML Response", e); + throw new MOAIDException("stork.05", null); + } + + Logger.info("STORK SAML Response message succesfully generated "); + String statusCodeValue = authnResponse.getStatusCode(); + + try { + Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); + Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works + Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + + } catch (IOException e) { + e.printStackTrace(); + } + + container.setResponse(authnResponse); + + } + + + private void generateRedirectResponse() { + STORKAuthnResponse authnResponse = container.getResponse(); + STORKAuthnRequest authnRequest = container.getRequest(); + + + // preparing redirection for the client + + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); + VelocityContext context = new VelocityContext(); + + context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + + Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL()); + context.put("action", authnRequest.getAssertionConsumerServiceURL()); + Logger.debug("Starting template merge"); + StringWriter writer = new StringWriter(); + + Logger.debug("Doing template merge"); + template.merge(context, writer); + Logger.debug("Template merge done"); + + Logger.debug("Sending html content: " + writer.getBuffer().toString()); + Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); + + + httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); + + } catch (Exception e) { + Logger.error("Velocity error: " + e.getMessage()); + } + + //HttpSession httpSession = this.httpResp.getSession(); + //httpSession.setAttribute("STORKSessionID", "12345"); + //Logger.info("Status code again: " + authnResponse.getStatusCode()); + + //return "12345"; // AssertionId } /* (non-Javadoc) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 318a8fc9c..01f0079ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -137,7 +137,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { } //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); STORKAuthnRequest authnRequest = null; Logger.error("decsamltoken" +decSamlToken.toString()); -- cgit v1.2.3 From 0499a41a86a6b44092eb6ad356858cd36a3d19c0 Mon Sep 17 00:00:00 2001 From: Andreas Reiter Date: Fri, 28 Feb 2014 16:05:13 +0100 Subject: Use LightweightSourceResolver in PEPSConnector to get the DataSource --- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 41be2c7e3..f98e5c97b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -30,6 +30,7 @@ import java.net.URL; import java.util.ArrayList; import java.util.List; +import javax.activation.DataSource; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; @@ -66,6 +67,8 @@ import at.gv.egovernment.moa.util.StringUtils; import at.gv.util.xsd.xmldsig.SignatureType; import at.gv.util.xsd.xmldsig.X509DataType; import eu.stork.oasisdss.api.ApiUtils; +import eu.stork.oasisdss.api.LightweightSourceResolver; +import eu.stork.oasisdss.api.exceptions.ApiUtilsException; import eu.stork.oasisdss.profile.DocumentWithSignature; import eu.stork.oasisdss.profile.SignResponse; import eu.stork.peps.auth.commons.PEPSUtil; @@ -202,17 +205,15 @@ public class PEPSConnectorServlet extends AuthServlet { String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo))); - List doclocations = ApiUtils.findNamedElement(dssSignResponse.getOptionalOutputs(), DocumentWithSignature.class.getSimpleName(), DocumentWithSignature.class); - // TODO handle multiple docs? - Logger.debug("trying first doclocation"); - String docUrl = doclocations.get(0).getDocument().getDocumentURL(); - Logger.debug("trying first doclocation successful"); - // fetch signed doc - URL url = new URL(docUrl); - InputStream incomming = url.openStream(); - citizenSignature = IOUtils.toString(incomming); - incomming.close(); + DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse); + if(ds == null){ + throw new ApiUtilsException("No datasource found in response"); + } + + InputStream incoming = ds.getInputStream(); + citizenSignature = IOUtils.toString(incoming); + incoming.close(); JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName()); SignatureType root = ((JAXBElement) ctx.createUnmarshaller().unmarshal(IOUtils.toInputStream(citizenSignature))).getValue(); -- cgit v1.2.3 From 2517b992ab38c09bc2979ed5010aee113e569834 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 28 Feb 2014 17:07:38 +0100 Subject: protocol change --- .../java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 502925a2a..9b46ee9c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -62,7 +62,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { } public STORKProtocol() { - super(); // + super(); } /* @@ -152,7 +152,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.error("spid " + authnRequest.getSPID()); Logger.error("spi " + authnRequest.getSpInstitution()); - + authnRequest.setCountry(""); STORK2Request.setSTORKAuthnRequest(authnRequest); -- cgit v1.2.3 From 7767c1c7fe237ec729d98d66577f8a247c622d85 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Mon, 3 Mar 2014 09:36:31 +0100 Subject: clean --- .../moa/id/protocols/stork2/STORKProtocol.java | 39 ++-------------------- 1 file changed, 3 insertions(+), 36 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 9b46ee9c6..042d61080 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -25,7 +25,6 @@ import java.util.HashMap; /** * Stork 2 Protocol Support - * Date: 11/29/13, Time: 12:32 PM * @author bsuzic */ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { @@ -71,22 +70,9 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { */ public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { Logger.debug("Starting preprocessing"); - Logger.debug("Got request: " + request.toString()); Logger.debug("Request method: " + request.getMethod()); - for (Object o : Collections.list(request.getHeaderNames())) { - Logger.debug("Request header: " + o.toString() + ":::" + request.getHeader(o.toString())); - } - for (Object o : Collections.list(request.getParameterNames())) { - Logger.debug("Request parameter: " + o.toString() + "::::" + request.getParameter(o.toString())); - } - Logger.debug("Request content length: " + request.getContentLength()); - Logger.debug("Request query: " + request.getQueryString()); - Logger.debug("Response: " + response.toString()); - Logger.debug("Action: " + action); - - Logger.debug("Processing saml request"); - String SAMLRequest = request.getParameter("SAMLRequest"); + Logger.debug("Initiating action: " + action); HTTPInTransport profileReq = new HttpServletRequestAdapter(request); HTTPOutTransport profileResp = new HttpServletResponseAdapter(response, request.isSecure()); @@ -104,28 +90,11 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { } catch (Exception e) { Logger.error("Error decoding STORKAuthnRequest", e); } - /* - - STORKAuthnRequestImpl ST2Req = (STORKAuthnRequestImpl)samlMessageContext.getInboundSAMLMessage(); - //MOASTORKAuthnRequest STORK2Request = (MOASTORKAuthnRequest)samlMessageContext.getInboundSAMLMessage(); - MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest(); - STORK2Request.setSTORKAuthnRequest(ST2Req); - - Logger.debug("STORK2 Citizen code: " + ST2Req.getCitizenCountryCode()); - Logger.debug("STORK2 QAA: " + ST2Req.getQAALevel()); - Logger.debug("STORK2 ISSUER: " + ST2Req.getIssuer().toString()); - - */ - //STORKAuthnReq storkAuthnReq = new STORKAuthnReq(); - MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest(); //extract STORK Response from HTTP Request - //Decodes SAML Response - - byte[] decSamlToken; try { decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest")); @@ -138,12 +107,11 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); STORKAuthnRequest authnRequest = null; - Logger.error("decsamltoken" +decSamlToken.toString()); try { - authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); + authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { - Logger.error("Unable to validate storkrkauthnreqeust" + ex.getMessage() ); + Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() ); } Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL()); @@ -152,7 +120,6 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.error("spid " + authnRequest.getSPID()); Logger.error("spi " + authnRequest.getSpInstitution()); - authnRequest.setCountry(""); STORK2Request.setSTORKAuthnRequest(authnRequest); -- cgit v1.2.3 From 85da46b80e3b1c3d3565d044c1fba9c07182482b Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 3 Mar 2014 09:26:02 +0100 Subject: refactoring --- .../id/protocols/stork2/AttributeCollector.java | 37 ++++++++++++---------- .../moa/id/protocols/stork2/DataContainer.java | 21 ++++++++++++ 2 files changed, 41 insertions(+), 17 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 7801f9a54..93b2b0495 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -1,11 +1,14 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import java.io.IOException; +import java.io.StringWriter; import java.util.ArrayList; import java.util.List; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -17,10 +20,18 @@ import at.gv.egovernment.moa.logging.Logger; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; /** * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins. @@ -92,8 +103,6 @@ public class AttributeCollector implements IAction { */ public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { // check if there are attributes we need to fetch - this.httpResp = response; - this.container = container; IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList(); @@ -126,11 +135,10 @@ public class AttributeCollector implements IAction { } // build response - generateSTORKResponse(); + generateSTORKResponse(container); // set new http response - generateRedirectResponse(); - response = httpResp; + generateRedirectResponse(response, container); return "12345"; // AssertionId @@ -161,7 +169,7 @@ public class AttributeCollector implements IAction { } - private void generateSTORKResponse() throws MOAIDException { + private void generateSTORKResponse(DataContainer container) throws MOAIDException { STORKAuthnResponse authnResponse = container.getResponse(); STORKAuthnRequest authnRequest = container.getRequest(); @@ -181,21 +189,16 @@ public class AttributeCollector implements IAction { Logger.info("STORK SAML Response message succesfully generated "); String statusCodeValue = authnResponse.getStatusCode(); - try { - Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); - Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works - Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); - - } catch (IOException e) { - e.printStackTrace(); - } + Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); + Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); + Logger.debug("authn saml encodedx: " + PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml())); container.setResponse(authnResponse); } - private void generateRedirectResponse() { + private void generateRedirectResponse(HttpServletResponse httpResp, DataContainer container) { STORKAuthnResponse authnResponse = container.getResponse(); STORKAuthnRequest authnRequest = container.getRequest(); @@ -207,8 +210,8 @@ public class AttributeCollector implements IAction { Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); VelocityContext context = new VelocityContext(); - context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); - Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes()))); + context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml()).getBytes()); + Logger.debug("SAMLResponse original: " + new String(authnResponse.getTokenSaml()).getBytes()); Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL()); context.put("action", authnRequest.getAssertionConsumerServiceURL()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java index 40c827ef8..a1c40526d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java @@ -23,6 +23,9 @@ public class DataContainer implements Serializable { /** The target. */ private String target; + /** The remote address. */ + private String remoteAddress; + /** * Gets the request. * @@ -76,4 +79,22 @@ public class DataContainer implements Serializable { public void setTarget(String target) { this.target = target; } + + /** + * Gets the remote address. + * + * @return the remote address + */ + public String getRemoteAddress() { + return remoteAddress; + } + + /** + * Sets the remote address. + * + * @param remoteAddress the new remote address + */ + public void setRemoteAddress(String remoteAddress) { + this.remoteAddress = remoteAddress; + } } -- cgit v1.2.3 From bf784b6222784758eb846b0aaf2080b009549be0 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 3 Mar 2014 09:30:41 +0100 Subject: cleanup --- .../id/protocols/stork2/AttributeCollector.java | 29 +++++++++------------- .../ExternalAttributeRequestRequiredException.java | 15 +++++++++++ 2 files changed, 27 insertions(+), 17 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 93b2b0495..c711d9400 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import java.io.IOException; import java.io.StringWriter; import java.util.ArrayList; import java.util.List; @@ -164,11 +163,14 @@ public class AttributeCollector implements IAction { return "12345"; // TODO what to do here? } - - } - + /** + * generates binary response from given response class. + * + * @param container the container + * @throws MOAIDException the mOAID exception + */ private void generateSTORKResponse(DataContainer container) throws MOAIDException { STORKAuthnResponse authnResponse = container.getResponse(); STORKAuthnRequest authnRequest = container.getRequest(); @@ -187,24 +189,24 @@ public class AttributeCollector implements IAction { } Logger.info("STORK SAML Response message succesfully generated "); - String statusCodeValue = authnResponse.getStatusCode(); - Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); Logger.debug("authn saml encodedx: " + PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml())); container.setResponse(authnResponse); - } - + /** + * writes the storkresponse to the httpresponse using the velocity engine. + * + * @param httpResp the http resp + * @param container the container + */ private void generateRedirectResponse(HttpServletResponse httpResp, DataContainer container) { STORKAuthnResponse authnResponse = container.getResponse(); STORKAuthnRequest authnRequest = container.getRequest(); - // preparing redirection for the client - try { VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); @@ -225,18 +227,11 @@ public class AttributeCollector implements IAction { Logger.debug("Sending html content: " + writer.getBuffer().toString()); Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); - httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); } catch (Exception e) { Logger.error("Velocity error: " + e.getMessage()); } - - //HttpSession httpSession = this.httpResp.getSession(); - //httpSession.setAttribute("STORKSessionID", "12345"); - //Logger.info("Status code again: " + authnResponse.getStatusCode()); - - //return "12345"; // AssertionId } /* (non-Javadoc) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java index 29b09487b..56f31723c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java @@ -1,12 +1,27 @@ package at.gv.egovernment.moa.id.protocols.stork2; public class ExternalAttributeRequestRequiredException extends Exception { + + /** The Constant serialVersionUID. */ + private static final long serialVersionUID = 5207631348933518908L; + + /** The ap. */ private AttributeProvider ap; + /** + * Instantiates a new external attribute request required exception. + * + * @param provider the provider + */ public ExternalAttributeRequestRequiredException(AttributeProvider provider) { ap = provider; } + /** + * Gets the ap. + * + * @return the ap + */ public AttributeProvider getAp() { return ap; } -- cgit v1.2.3 From 142bf6e5c229aa523e5c1363716d011df6d6af93 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Mon, 3 Mar 2014 14:03:38 +0100 Subject: attr supporT --- .../id/protocols/stork2/AuthenticationRequest.java | 95 ++++++++++------------ .../id/protocols/stork2/MOAAttributeProvider.java | 10 +-- .../id/protocols/stork2/MOASTORKAuthnRequest.java | 71 ---------------- .../moa/id/protocols/stork2/MOASTORKRequest.java | 95 ++++++++++++++++++++++ .../moa/id/protocols/stork2/STORKProtocol.java | 25 ++++-- 5 files changed, 160 insertions(+), 136 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index e10c4d9d9..91326a51d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -3,91 +3,77 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; -import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; -import edu.emory.mathcs.backport.java.util.Collections; -import eu.stork.peps.auth.commons.*; -import eu.stork.peps.auth.engine.STORKSAMLEngine; -import eu.stork.peps.exceptions.STORKSAMLEngineException; -import org.apache.commons.io.IOUtils; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAuthnResponse; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; -import org.opensaml.xml.util.Base64; -import org.opensaml.xml.util.XMLHelper; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import java.io.*; -import java.util.HashMap; -import eu.stork.peps.auth.engine.SAMLEngine; import org.w3c.dom.Element; import org.w3c.dom.NamedNodeMap; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + /** + * Second request step - after authentication of the user is done and moasession obtained, + * process request and forward the user further to PEPS and/or other entities + * * @author bsuzic - * Date: 12/3/13, Time: 2:08 PM */ public class AuthenticationRequest implements IAction { - /* - Second request step - after authentication of the user is done and moasession obtained, - process request and forward the user further to PEPS and/or other entities - */ private VelocityEngine velocityEngine; private AuthenticationSession moaSession; - private MOASTORKAuthnRequest moaStorkAuthnRequest; + private MOASTORKRequest moaStorkRequest; public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { this.moaSession = moasession; - this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req; - - try { - MISMandate mandate = moasession.getMISMandate(); - String owbpk = mandate.getOWbPK(); - byte[] mand = mandate.getMandate(); - String profprep = mandate.getProfRep(); - //String textdesc = mandate.getTextualDescriptionOfOID(); - Element mndt = moasession.getMandate(); + this.moaStorkRequest = (MOASTORKRequest) req; + + if (moasession.getUseMandate()) { + try { + MISMandate mandate = moasession.getMISMandate(); + String owbpk = mandate.getOWbPK(); + byte[] mand = mandate.getMandate(); + String profprep = mandate.getProfRep(); + //String textdesc = mandate.getTextualDescriptionOfOID(); + Element mndt = moasession.getMandate(); + + iterate(mndt.getAttributes()); + Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); + } catch (Exception x) { + Logger.debug("There is no mandate used in transaction"); + } + } - iterate(mndt.getAttributes()); - Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); - } catch (Exception x) {} Logger.debug("Starting AuthenticationRequest"); - //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); - Logger.debug("Http Response: " + httpResp.toString() + ", "); - Logger.debug("Remote user: " + httpReq.getRemoteAddr()); - Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget()); httpResp.reset(); STORKAuthnResponse authnResponse = new STORKAuthnResponse(); - authnResponse.setCountry(((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getSpCountry()); - + authnResponse.setCountry(((MOASTORKRequest) req).getStorkAuthnRequest().getSpCountry()); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); // Prepare basic AT attributes try { - IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); + IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); @@ -114,13 +100,13 @@ public class AuthenticationRequest implements IAction { DataContainer container = new DataContainer(); // - fill in the request we extracted above - container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest()); - + container.setRequest(((MOASTORKRequest) req).getStorkAuthnRequest()); + // - fill in the partial response created above container.setResponse(authnResponse); - + // - memorize the target url were we have to return the result - container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + container.setTarget(((MOASTORKRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); container.setRemoteAddress(httpReq.getRemoteAddr()); @@ -141,24 +127,25 @@ public class AuthenticationRequest implements IAction { Logger.debug("--Attribute: " + attributesList.item(j).getNodeName() + " = " + attributesList.item(j).getNodeValue()); - } } + } + } public PersonalAttributeList populateAttributes() { - IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList(); - Logger.info("Found " + attrLst.size() + " personal attributes in the request." ); + IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList(); + Logger.info("Found " + attrLst.size() + " personal attributes in the request."); // Define attribute list to be populated PersonalAttributeList attributeList = new PersonalAttributeList(); - MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkAuthnRequest); + MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest); try { for (PersonalAttribute personalAttribute : attrLst) { Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired()); moaAttributeProvider.populateAttribute(attributeList, personalAttribute); } - } catch (Exception e) { + } catch (Exception e) { Logger.error("Exception, attributes: " + e.getMessage()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index 190a0d27c..d89fb8cb2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -22,7 +22,7 @@ public class MOAAttributeProvider { private final IdentityLink identityLink; private static final Map storkAttributeSimpleMapping; private static final Map storkAttributeFunctionMapping; - private final MOASTORKAuthnRequest moastorkAuthnRequest; + private final MOASTORKRequest moastorkRequest; static { Map tempSimpleMap = new HashMap(); @@ -35,9 +35,9 @@ public class MOAAttributeProvider { storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap); } - public MOAAttributeProvider(IdentityLink identityLink, MOASTORKAuthnRequest moastorkAuthnRequest) { + public MOAAttributeProvider(IdentityLink identityLink, MOASTORKRequest moastorkRequest) { this.identityLink = identityLink; - this.moastorkAuthnRequest = moastorkAuthnRequest; + this.moastorkRequest = moastorkRequest; Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue()); } @@ -70,9 +70,9 @@ public class MOAAttributeProvider { } private String geteIdentifier() { - Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry()); + Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry()); try { - return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry()); + return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkRequest.getStorkAuthnRequest().getSpCountry()); } catch (BuildException be) { Logger.error("Stork eid could not be constructed; " + be.getMessage()); return null; // TODO error diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java deleted file mode 100644 index cee64e16e..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java +++ /dev/null @@ -1,71 +0,0 @@ -package at.gv.egovernment.moa.id.protocols.stork2; - -import at.gv.egovernment.moa.id.moduls.IRequest; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import org.opensaml.common.xml.SAMLConstants; - -/** - * @author bsuzic - * Date: 12/4/13, Time: 6:31 PM - */ - -public class MOASTORKAuthnRequest implements IRequest { - private String requestID; - private String target = null; - String module = null; - String action = null; - private STORKAuthnRequest storkAuthnRequest; - - public void setSTORKAuthnRequest(STORKAuthnRequest request) { - this.storkAuthnRequest = request; - } - - public STORKAuthnRequest getStorkAuthnRequest() { - return this.storkAuthnRequest; - } - - public String getOAURL() { - - return "https://sp:8889/SP"; // - } - - public boolean isPassiv() { - return false; // - } - - public boolean forceAuth() { - return false; // - } - - public boolean isSSOSupported() { - return false; // - } - - public String requestedModule() { - return this.module; // - } - - public String requestedAction() { - return action; // - } - - public void setModule(String module) { - this.module = module; - } - - public void setAction(String action) { - this.action = action; - } - - public String getTarget() { - return this.target; // - } - - public void setRequestID(String id) { - this.requestID = id; - } - - public String getRequestID() { - return this.requestID; // - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java new file mode 100644 index 000000000..8c7fd8706 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -0,0 +1,95 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.moduls.IRequest; +import eu.stork.peps.auth.commons.STORKAttrQueryRequest; +import eu.stork.peps.auth.commons.STORKAuthnRequest; + +/** + * Implements MOA request and stores StorkAuthnRequest related data + * + * @author bsuzic + */ + +public class MOASTORKRequest implements IRequest { + private String requestID; + private String target = null; + String module = null; + String action = null; + private STORKAuthnRequest storkAuthnRequest; + private STORKAttrQueryRequest storkAttrQueryRequest; + private boolean isAttrRequest = false; + private boolean isAuthnRequest = false; + + public void setSTORKAuthnRequest(STORKAuthnRequest request) { + this.storkAuthnRequest = request; + if (request != null) { + isAuthnRequest = true; + } + } + + public void setSTORKAttrRequest(STORKAttrQueryRequest request) { + this.storkAttrQueryRequest = request; + if (request != null) { + isAttrRequest = true; + } + + } + + public boolean isAttrRequest() { + return this.isAttrRequest; + } + + public boolean isAuthnRequest() { + return this.isAuthnRequest; + } + + + public STORKAuthnRequest getStorkAuthnRequest() { + return this.storkAuthnRequest; + } + + public String getOAURL() { + + return storkAuthnRequest.getAssertionConsumerServiceURL(); + } + + public boolean isPassiv() { + return false; + } + + public boolean forceAuth() { + return false; + } + + public boolean isSSOSupported() { + return false; + } + + public String requestedModule() { + return this.module; + } + + public String requestedAction() { + return action; + } + + public void setModule(String module) { + this.module = module; + } + + public void setAction(String action) { + this.action = action; + } + + public String getTarget() { + return this.target; + } + + public void setRequestID(String id) { + this.requestID = id; + } + + public String getRequestID() { + return this.requestID; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 042d61080..28a516d2a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -5,13 +5,12 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.ws.transport.http.HTTPInTransport; import org.opensaml.ws.transport.http.HTTPOutTransport; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; @@ -20,7 +19,6 @@ import eu.stork.peps.auth.commons.STORKAuthnRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import java.util.Collections; import java.util.HashMap; /** @@ -81,6 +79,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); samlMessageContext.setInboundMessageTransport(profileReq); +/* HTTPPostDecoder postDecoder = new HTTPPostDecoder(); postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator @@ -90,8 +89,9 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { } catch (Exception e) { Logger.error("Error decoding STORKAuthnRequest", e); } +*/ - MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest(); + MOASTORKRequest STORK2Request = new MOASTORKRequest(); //extract STORK Response from HTTP Request @@ -99,7 +99,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { try { decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest")); } catch(NullPointerException e) { - Logger.error("Unable to retrieve STORK Response", e); + Logger.error("Unable to retrieve STORK Request", e); throw new MOAIDException("stork.04", null); } @@ -107,13 +107,26 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); STORKAuthnRequest authnRequest = null; + STORKAttrQueryRequest attrRequest = null; + // check if valid authn request is contained try { authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() ); } + + // check if a valid attr request is container + try { + attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken); + } catch (STORKSAMLEngineException ex) { + Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() ); + } + + + + Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL()); Logger.error("cc " + authnRequest.getCitizenCountryCode()); Logger.error("iss " + authnRequest.getIssuer()); @@ -121,7 +134,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.error("spi " + authnRequest.getSpInstitution()); STORK2Request.setSTORKAuthnRequest(authnRequest); - + STORK2Request.setSTORKAttrRequest(attrRequest); return STORK2Request; } -- cgit v1.2.3 From b04102cfcf46aa62417b6f1990dff76e2b706862 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Mon, 3 Mar 2014 14:05:18 +0100 Subject: remove comments --- .../moa/id/protocols/stork2/STORKProtocol.java | 25 ++++++---------------- 1 file changed, 6 insertions(+), 19 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 28a516d2a..3b9a5bc29 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -8,6 +8,7 @@ import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.STORKAttrQueryRequest; +import eu.stork.peps.auth.commons.STORKAuthnRequest; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.opensaml.common.binding.BasicSAMLMessageContext; @@ -15,7 +16,6 @@ import org.opensaml.ws.transport.http.HTTPInTransport; import org.opensaml.ws.transport.http.HTTPOutTransport; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; -import eu.stork.peps.auth.commons.STORKAuthnRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -23,6 +23,7 @@ import java.util.HashMap; /** * Stork 2 Protocol Support + * * @author bsuzic */ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { @@ -31,7 +32,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { public static final String PATH = "id_stork2"; public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; - public static final String ATTRIBUTE_COLLECTOR = "AttributeCollector"; + public static final String ATTRIBUTE_COLLECTOR = "AttributeCollector"; private static HashMap actions = new HashMap(); @@ -79,18 +80,6 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); samlMessageContext.setInboundMessageTransport(profileReq); -/* - HTTPPostDecoder postDecoder = new HTTPPostDecoder(); - postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator - - try { - Logger.debug("Attempting to decode request..."); - postDecoder.decode(samlMessageContext); - } catch (Exception e) { - Logger.error("Error decoding STORKAuthnRequest", e); - } -*/ - MOASTORKRequest STORK2Request = new MOASTORKRequest(); @@ -98,7 +87,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { byte[] decSamlToken; try { decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest")); - } catch(NullPointerException e) { + } catch (NullPointerException e) { Logger.error("Unable to retrieve STORK Request", e); throw new MOAIDException("stork.04", null); } @@ -113,7 +102,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { try { authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { - Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() ); + Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); } @@ -121,12 +110,10 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { try { attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { - Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() ); + Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); } - - Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL()); Logger.error("cc " + authnRequest.getCitizenCountryCode()); Logger.error("iss " + authnRequest.getIssuer()); -- cgit v1.2.3 From c900f870b2e64c2e25820b8162d8f0444c0dc7d4 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Mon, 3 Mar 2014 16:03:08 +0100 Subject: aatributes --- .../id/protocols/stork2/AuthenticationRequest.java | 112 +++++++++++---------- .../stork2/DemoNoRedirectAttributeProvider.java | 3 - .../stork2/DemoRedirectAttributeProvider.java | 3 - .../id/protocols/stork2/MISAttributeProvider.java | 27 +++++ .../moa/id/protocols/stork2/MOASTORKRequest.java | 15 ++- .../moa/id/protocols/stork2/STORKProtocol.java | 22 ++-- 6 files changed, 108 insertions(+), 74 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 91326a51d..d33b33c77 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -33,88 +33,96 @@ public class AuthenticationRequest implements IAction { private VelocityEngine velocityEngine; - private AuthenticationSession moaSession; - private MOASTORKRequest moaStorkRequest; + private AuthenticationSession moaSession = null; + private MOASTORKRequest moaStorkRequest = null; public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { this.moaSession = moasession; - this.moaStorkRequest = (MOASTORKRequest) req; - if (moasession.getUseMandate()) { - try { - MISMandate mandate = moasession.getMISMandate(); - String owbpk = mandate.getOWbPK(); - byte[] mand = mandate.getMandate(); - String profprep = mandate.getProfRep(); - //String textdesc = mandate.getTextualDescriptionOfOID(); - Element mndt = moasession.getMandate(); - - iterate(mndt.getAttributes()); - Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); - } catch (Exception x) { - Logger.debug("There is no mandate used in transaction"); + if (req instanceof MOASTORKRequest) { + + this.moaStorkRequest = (MOASTORKRequest) req; + + + if (moasession.getUseMandate()) { + try { + MISMandate mandate = moasession.getMISMandate(); + String owbpk = mandate.getOWbPK(); + byte[] mand = mandate.getMandate(); + String profprep = mandate.getProfRep(); + //String textdesc = mandate.getTextualDescriptionOfOID(); + Element mndt = moasession.getMandate(); + + iterate(mndt.getAttributes()); + Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); + } catch (Exception x) { + Logger.debug("There is no mandate used in transaction"); + } } - } - Logger.debug("Starting AuthenticationRequest"); - httpResp.reset(); + Logger.debug("Starting AuthenticationRequest"); + httpResp.reset(); - STORKAuthnResponse authnResponse = new STORKAuthnResponse(); - authnResponse.setCountry(((MOASTORKRequest) req).getStorkAuthnRequest().getSpCountry()); + STORKAuthnResponse authnResponse = new STORKAuthnResponse(); + authnResponse.setCountry(moaStorkRequest.getStorkAuthnRequest().getSpCountry()); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); - // Prepare basic AT attributes - try { - IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); - Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); + // Prepare basic AT attributes + try { + IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); + Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); - for (PersonalAttribute personalAttribute : moaAttrList) { - Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); - if (personalAttribute.getValue().size() > 0) { - for (String value : personalAttribute.getValue()) { - Logger.info(" Value found: " + value); + for (PersonalAttribute personalAttribute : moaAttrList) { + Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); + if (personalAttribute.getValue().size() > 0) { + for (String value : personalAttribute.getValue()) { + Logger.info(" Value found: " + value); + } } } - } - } catch (Exception e) { - Logger.error("Exception, attributes: " + e.getMessage()); - } + } catch (Exception e) { + Logger.error("Exception, attributes: " + e.getMessage()); + } - // Get personal attributtes from MOA/IdentityLink - authnResponse.setPersonalAttributeList(populateAttributes()); + // Get personal attributtes from MOA/IdentityLink + authnResponse.setPersonalAttributeList(populateAttributes()); - // Prepare extended attributes - Logger.debug("Preparing data container"); + // Prepare extended attributes + Logger.debug("Preparing data container"); - // create fresh container - DataContainer container = new DataContainer(); + // create fresh container + DataContainer container = new DataContainer(); - // - fill in the request we extracted above - container.setRequest(((MOASTORKRequest) req).getStorkAuthnRequest()); + // - fill in the request we extracted above + container.setRequest(moaStorkRequest.getStorkAuthnRequest()); - // - fill in the partial response created above - container.setResponse(authnResponse); + // - fill in the partial response created above + container.setResponse(authnResponse); - // - memorize the target url were we have to return the result - container.setTarget(((MOASTORKRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + // - memorize the target url were we have to return the result + container.setTarget(moaStorkRequest.getStorkAuthnRequest().getAssertionConsumerServiceURL()); - container.setRemoteAddress(httpReq.getRemoteAddr()); + container.setRemoteAddress(httpReq.getRemoteAddr()); - Logger.debug("Data container prepared"); + Logger.debug("Data container prepared"); - return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); + return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); + } else { + Logger.error("Could not recognize request."); + throw new MOAIDException("stork.15", null); + } } public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java index 669a9389b..9c0869d97 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -20,7 +20,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ - @Override public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession) throws UnsupportedAttributeException { PersonalAttributeList requestedAttributes = new PersonalAttributeList(1); @@ -31,7 +30,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ - @Override public IPersonalAttributeList parse(HttpServletRequest httpReq) { // TODO Auto-generated method stub return null; @@ -40,7 +38,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) { // we should not get here diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java index 2f6b69075..26fc00406 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -20,7 +20,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ - @Override public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { throw new ExternalAttributeRequestRequiredException(this); @@ -29,7 +28,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ - @Override public IPersonalAttributeList parse(HttpServletRequest httpReq) { PersonalAttributeList requestedAttributes = new PersonalAttributeList(1); requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList(), "")); @@ -39,7 +37,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) { // we should not get here diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java new file mode 100644 index 000000000..7665bb239 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java @@ -0,0 +1,27 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Implements Attribute Provider for Mandates + */ +public class MISAttributeProvider implements AttributeProvider { + public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + return null; // + } + + public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { + // + } + + public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { + return null; // + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index 8c7fd8706..1776d958c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -1,11 +1,13 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.commons.STORKAuthnRequest; /** - * Implements MOA request and stores StorkAuthnRequest related data + * Implements MOA request and stores StorkAuthn/Attr-Request related data * * @author bsuzic */ @@ -32,7 +34,6 @@ public class MOASTORKRequest implements IRequest { if (request != null) { isAttrRequest = true; } - } public boolean isAttrRequest() { @@ -49,8 +50,14 @@ public class MOASTORKRequest implements IRequest { } public String getOAURL() { - - return storkAuthnRequest.getAssertionConsumerServiceURL(); + if (isAuthnRequest) + return storkAuthnRequest.getAssertionConsumerServiceURL(); + else if (isAttrRequest) + return storkAttrQueryRequest.getAssertionConsumerServiceURL(); + else { + Logger.error("There is no authentication or attribute request contained in MOASTORKRequest."); + return null; + } } public boolean isPassiv() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 3b9a5bc29..e68b66510 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -6,9 +6,7 @@ import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; -import eu.stork.peps.auth.commons.PEPSUtil; -import eu.stork.peps.auth.commons.STORKAttrQueryRequest; -import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.*; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.opensaml.common.binding.BasicSAMLMessageContext; @@ -93,14 +91,15 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { } //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); + STORKSAMLEngine authnEngine = STORKSAMLEngine.getInstance("incoming"); + STORKSAMLEngine attrEngine = STORKSAMLEngine.getInstance("incoming_attr"); STORKAuthnRequest authnRequest = null; STORKAttrQueryRequest attrRequest = null; // check if valid authn request is contained try { - authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); + authnRequest = authnEngine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); } @@ -108,17 +107,16 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { // check if a valid attr request is container try { - attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken); + attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); } - - Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL()); - Logger.error("cc " + authnRequest.getCitizenCountryCode()); - Logger.error("iss " + authnRequest.getIssuer()); - Logger.error("spid " + authnRequest.getSPID()); - Logger.error("spi " + authnRequest.getSpInstitution()); + // if there is no authn or attr request, raise error + if ((authnRequest == null) && (attrRequest == null)) { + Logger.error("There is no authentication or attribute request contained."); + throw new MOAIDException("stork.14", null); + } STORK2Request.setSTORKAuthnRequest(authnRequest); STORK2Request.setSTORKAttrRequest(attrRequest); -- cgit v1.2.3 From e6dc09e9274cc5e38fa0c0832c205881faece862 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Mon, 3 Mar 2014 16:03:18 +0100 Subject: remove attr test --- .../moa/id/protocols/stork2/AuthenticationRequest.java | 18 ------------------ 1 file changed, 18 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index d33b33c77..4e7a1bb8b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -75,24 +75,6 @@ public class AuthenticationRequest implements IAction { throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); - // Prepare basic AT attributes - try { - IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); - Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); - - - for (PersonalAttribute personalAttribute : moaAttrList) { - Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); - if (personalAttribute.getValue().size() > 0) { - for (String value : personalAttribute.getValue()) { - Logger.info(" Value found: " + value); - } - } - } - - } catch (Exception e) { - Logger.error("Exception, attributes: " + e.getMessage()); - } // Get personal attributtes from MOA/IdentityLink authnResponse.setPersonalAttributeList(populateAttributes()); -- cgit v1.2.3 From 594dc394d958ee8c9106ff4ba837d6ba40fbecae Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Mon, 3 Mar 2014 16:03:22 +0100 Subject: remove attr test --- .../at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 1 - 1 file changed, 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 4e7a1bb8b..cb49856c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -75,7 +75,6 @@ public class AuthenticationRequest implements IAction { throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); - // Get personal attributtes from MOA/IdentityLink authnResponse.setPersonalAttributeList(populateAttributes()); -- cgit v1.2.3 From 0d11865d1ccab1aca91e28c71cd86d1443faff41 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Mon, 3 Mar 2014 16:20:00 +0100 Subject: putting attrrequest in main endpoint --- .../id/protocols/stork2/AuthenticationRequest.java | 101 ++++++++++++--------- .../moa/id/protocols/stork2/MOASTORKRequest.java | 5 +- 2 files changed, 63 insertions(+), 43 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index cb49856c4..18d0b479e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -9,10 +9,7 @@ import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; -import eu.stork.peps.auth.commons.STORKAuthnResponse; +import eu.stork.peps.auth.commons.*; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; import org.w3c.dom.Element; @@ -45,65 +42,63 @@ public class AuthenticationRequest implements IAction { this.moaStorkRequest = (MOASTORKRequest) req; + Logger.debug("Entering MOASTORKRequest"); + httpResp.reset(); - if (moasession.getUseMandate()) { - try { - MISMandate mandate = moasession.getMISMandate(); - String owbpk = mandate.getOWbPK(); - byte[] mand = mandate.getMandate(); - String profprep = mandate.getProfRep(); - //String textdesc = mandate.getTextualDescriptionOfOID(); - Element mndt = moasession.getMandate(); - - iterate(mndt.getAttributes()); - Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); - } catch (Exception x) { - Logger.debug("There is no mandate used in transaction"); - } - } - + // check if it is attribute query + if (moaStorkRequest.isAttrRequest()) { + Logger.debug("Starting AttrQueryRequest"); + STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse(); + IPersonalAttributeList personalAttributeList = moaStorkRequest.getStorkAttrQueryRequest().getPersonalAttributeList(); - Logger.debug("Starting AuthenticationRequest"); - httpResp.reset(); + // TODO Check if this instance is eligible to fetch attributes locally, assuming yes - STORKAuthnResponse authnResponse = new STORKAuthnResponse(); - authnResponse.setCountry(moaStorkRequest.getStorkAuthnRequest().getSpCountry()); + return (new AttributeCollector()).processRequest(req, httpReq, httpResp, moasession); + } else + // check if we have authentication request + if (moaStorkRequest.isAuthnRequest()) { + Logger.debug("Starting AuthenticationRequest"); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + STORKAuthnResponse authnResponse = new STORKAuthnResponse(); + authnResponse.setCountry(moaStorkRequest.getStorkAuthnRequest().getSpCountry()); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); - // Get personal attributtes from MOA/IdentityLink - authnResponse.setPersonalAttributeList(populateAttributes()); + // Get personal attributtes from MOA/IdentityLink + authnResponse.setPersonalAttributeList(populateAttributes()); - // Prepare extended attributes - Logger.debug("Preparing data container"); + // Prepare extended attributes + Logger.debug("Preparing data container"); - // create fresh container - DataContainer container = new DataContainer(); + // create fresh container + DataContainer container = new DataContainer(); - // - fill in the request we extracted above - container.setRequest(moaStorkRequest.getStorkAuthnRequest()); + // - fill in the request we extracted above + container.setRequest(moaStorkRequest.getStorkAuthnRequest()); - // - fill in the partial response created above - container.setResponse(authnResponse); + // - fill in the partial response created above + container.setResponse(authnResponse); - // - memorize the target url were we have to return the result - container.setTarget(moaStorkRequest.getStorkAuthnRequest().getAssertionConsumerServiceURL()); + // - memorize the target url were we have to return the result + container.setTarget(moaStorkRequest.getStorkAuthnRequest().getAssertionConsumerServiceURL()); - container.setRemoteAddress(httpReq.getRemoteAddr()); + container.setRemoteAddress(httpReq.getRemoteAddr()); - Logger.debug("Data container prepared"); + Logger.debug("Data container prepared"); - return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); + return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); + } } else { Logger.error("Could not recognize request."); throw new MOAIDException("stork.15", null); } + + return null; } public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { @@ -120,6 +115,28 @@ public class AuthenticationRequest implements IAction { } + // does nothing + public void mandate(AuthenticationSession moasession) { + + if (moasession.getUseMandate()) { + try { + MISMandate mandate = moasession.getMISMandate(); + String owbpk = mandate.getOWbPK(); + byte[] mand = mandate.getMandate(); + String profprep = mandate.getProfRep(); + //String textdesc = mandate.getTextualDescriptionOfOID(); + Element mndt = moasession.getMandate(); + + iterate(mndt.getAttributes()); + Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); + } catch (Exception x) { + Logger.debug("There is no mandate used in transaction"); + } + } + + + } + public PersonalAttributeList populateAttributes() { IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index 1776d958c..47a86174f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.STORKAttrQueryRequest; @@ -49,6 +48,10 @@ public class MOASTORKRequest implements IRequest { return this.storkAuthnRequest; } + public STORKAttrQueryRequest getStorkAttrQueryRequest() { + return this.storkAttrQueryRequest; + } + public String getOAURL() { if (isAuthnRequest) return storkAuthnRequest.getAssertionConsumerServiceURL(); -- cgit v1.2.3 From 5e7e02ef338811ea240dd5e53a215f82fdf40954 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Mon, 3 Mar 2014 16:30:07 +0100 Subject: remove override --- .../moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java | 3 --- 1 file changed, 3 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 8b96e0d10..758b70f2d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -55,7 +55,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) */ - @Override public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { @@ -203,7 +202,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter) */ - @Override public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { @@ -213,7 +211,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ - @Override public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { // there is no redirect required, so we throw an exception when someone asks us to parse a response -- cgit v1.2.3 From 156ef68f4d89cf83e55fac8526e98e7cd445a31c Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 3 Mar 2014 11:17:30 +0100 Subject: cleanup --- .../id/protocols/stork2/AttributeCollector.java | 91 ++++++++++++---------- 1 file changed, 48 insertions(+), 43 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index c711d9400..428d1c52c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -42,54 +42,59 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException; * */ public class AttributeCollector implements IAction { - - /** The Constant ARTIFACT_ID. */ - private static final String ARTIFACT_ID = "artifactId"; - + + /** + * The Constant ARTIFACT_ID. + */ + private static final String ARTIFACT_ID = "artifactId"; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) */ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { - // read configuration parameters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); - - // find the attribute provider plugin that can handle the response - IPersonalAttributeList newAttributes = null; - for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) - try { - newAttributes = current.parse(httpReq); - } catch (UnsupportedAttributeException e1) { - // the current provider cannot find anything familiar within the - // provided httpreq. Try the next one. - } - - if (null == newAttributes) { - // we do not have a provider which is capable of fetching something - // from the received httpreq. - // TODO should we continue with the next attribute? - Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); - throw new MOAIDException("stork.11", null); - } - - // - fetch the container - String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); - DataContainer container; - try { - container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); - } catch (MOADatabaseException e) { - Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); - throw new MOAIDException("stork.11", null); - } - - // - insert the embedded attribute(s) into the container - for(PersonalAttribute current : newAttributes) - container.getResponse().getPersonalAttributeList().add(current); - - // see if we need some more attributes - return processRequest(container, httpReq, httpResp, moasession, oaParam); + // read configuration parameters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + + // find the attribute provider plugin that can handle the response + IPersonalAttributeList newAttributes = null; + for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) + try { + newAttributes = current.parse(httpReq); + } catch (UnsupportedAttributeException e1) { + // the current provider cannot find anything familiar within the + // provided httpreq. Try the next one. + // TODO check the loop + } + + if (null == newAttributes) { + // we do not have a provider which is capable of fetching something + // from the received httpreq. + // TODO should we continue with the next attribute? + Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); + throw new MOAIDException("stork.11", null); + } + + // - fetch the container + String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); + DataContainer container; + try { + container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); + } catch (MOADatabaseException e) { + Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); + throw new MOAIDException("stork.11", null); + } + + + + // - insert the embedded attribute(s) into the container + for (PersonalAttribute current : newAttributes) + container.getResponse().getPersonalAttributeList().add(current); + + // see if we need some more attributes + return processRequest(container, httpReq, httpResp, moasession, oaParam); } /** -- cgit v1.2.3 From e938b31db45af14312e0fe195d274f7f4c9e0aa9 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 3 Mar 2014 14:43:47 +0100 Subject: fixed spCountryCode in Stork AttrQuery Plugin --- .../egovernment/moa/id/protocols/stork2/AttributeCollector.java | 4 ++-- .../egovernment/moa/id/protocols/stork2/AttributeProvider.java | 6 +++--- .../moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java | 2 +- .../moa/id/protocols/stork2/StorkAttributeRequestProvider.java | 9 ++++----- 4 files changed, 10 insertions(+), 11 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 428d1c52c..6b7769c49 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -157,12 +157,12 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); + e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getSpCountry(), request, response, oaParam); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? - Logger.error("Error putting incomplete Stork response into temporary storage", e); + Logger.error("Error putting incomplete Stork response into temporary storage", e1); throw new MOAIDException("stork.11", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index 59376fef6..6fba91fde 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -34,13 +34,13 @@ public interface AttributeProvider { * Perform redirect. * * @param url the return URL ending with ?artifactId=... - * @param citizenCountyCode the citizen county code + * @param spCountyCode the sp county code * @param req the request we got from the S-PEPS and for which we have to ask our APs * @param resp the response to the preceding request * @param oaParam the oa param - * @throws MOAIDException + * @throws MOAIDException the mOAID exception */ - public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException; + public void performRedirect(String url, String spCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException; /** * Parses the response we got from the external attribute provider. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 8b96e0d10..4404af4e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -204,7 +204,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter) */ @Override - public void performRedirect(String url, String citizenCountyCode, + public void performRedirect(String url, String spCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { // there is no redirect required diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index bd6f192dc..5efdfd117 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -91,13 +91,11 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) */ - @Override - public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { + public void performRedirect(String url, String spCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { String spSector = "Business"; String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; - String spCountry = "AT"; //generate AuthnRquest STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest(); @@ -106,12 +104,13 @@ public class StorkAttributeRequestProvider implements AttributeProvider { attributeRequest.setIssuer(HTTPUtils.getBaseURL(req)); attributeRequest.setQaa(oaParam.getQaaLevel()); attributeRequest.setSpInstitution(spInstitution); - attributeRequest.setCountry(spCountry); + attributeRequest.setCountry(spCountryCode); + attributeRequest.setSpCountry(spCountryCode); attributeRequest.setSpApplication(spApplication); attributeRequest.setSpSector(spSector); attributeRequest.setPersonalAttributeList(requestedAttributes); - attributeRequest.setCitizenCountryCode(citizenCountryCode); + attributeRequest.setCitizenCountryCode("AT"); Logger.debug("STORK AttrRequest succesfully assembled."); -- cgit v1.2.3 From 013bc5647275872ba182ad7bf62be1cbd7c80f38 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 3 Mar 2014 16:47:25 +0100 Subject: treated possible infinite loop in ap collection --- .../id/protocols/stork2/AttributeCollector.java | 59 ++++++++++++++++------ 1 file changed, 43 insertions(+), 16 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 6b7769c49..2735fde68 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -27,6 +27,7 @@ import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; import eu.stork.peps.auth.commons.STORKAuthnRequest; import eu.stork.peps.auth.commons.STORKAuthnResponse; import eu.stork.peps.auth.engine.STORKSAMLEngine; @@ -63,18 +64,18 @@ public class AttributeCollector implements IAction { for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) try { newAttributes = current.parse(httpReq); + + // stop as soon as we hit a capable plugin + break; } catch (UnsupportedAttributeException e1) { // the current provider cannot find anything familiar within the // provided httpreq. Try the next one. - // TODO check the loop } if (null == newAttributes) { // we do not have a provider which is capable of fetching something // from the received httpreq. - // TODO should we continue with the next attribute? Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); - throw new MOAIDException("stork.11", null); } // - fetch the container @@ -87,11 +88,8 @@ public class AttributeCollector implements IAction { throw new MOAIDException("stork.11", null); } - - // - insert the embedded attribute(s) into the container - for (PersonalAttribute current : newAttributes) - container.getResponse().getPersonalAttributeList().add(current); + addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes); // see if we need some more attributes return processRequest(container, httpReq, httpResp, moasession, oaParam); @@ -119,23 +117,35 @@ public class AttributeCollector implements IAction { try { // for each attribute still missing for (PersonalAttribute currentAttribute : missingAttributes) { - // - check if we can find a suitable AttributeProvider Plugin + + /* + * prefill attributes with "notAvailable". If we get them later, we override the value and status. + * This way, there is no error case in which an attribute is left unanswered. + */ + IPersonalAttributeList aquiredAttributes = new PersonalAttributeList(); + currentAttribute.setStatus("notAvailable"); + addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes); + + // - check if we can find a suitable AttributeProvider Plugin for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { try { // - hand over control to the suitable plugin - IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); - - // - add the aquired attribute to the container - for (PersonalAttribute current : aquiredAttributes) - container.getResponse().getPersonalAttributeList().add(current); + aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); + break; } catch (UnsupportedAttributeException e) { // ok, try the next attributeprovider } catch (MOAIDException e) { // the current plugin had an error. Try the next one. - // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop } - } + + // check if we could fetch the attribute + if (null == aquiredAttributes) { + // if not + Logger.error("We have no suitable plugin for obtaining the attribute '" + currentAttribute.getName() + "'"); + } else + // else, update any existing attributes + addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes); } // build response @@ -159,7 +169,6 @@ public class AttributeCollector implements IAction { // add container-key to redirect embedded within the return URL e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getSpCountry(), request, response, oaParam); - } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e1); @@ -238,6 +247,24 @@ public class AttributeCollector implements IAction { Logger.error("Velocity error: " + e.getMessage()); } } + + /** + * Adds or updates all {@link PersonalAttribute} objects given in {@code source} to/in {@code target}. + * + * @param target the target + * @param source the source + */ + private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) { + for (PersonalAttribute current : source) { + // check if we need to update the current pa + if (target.containsKey(current.getName())) { + target.get(current.getName()).setStatus(current.getStatus()); + target.get(current.getName()).setValue(current.getValue()); + target.get(current.getName()).setComplexValue(current.getComplexValue()); + } else + target.add(current); + } + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) -- cgit v1.2.3 From 8dbc7af299d5e7a1dd4d1085d2840ff00f403bbb Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Mon, 3 Mar 2014 20:28:57 +0100 Subject: attribut test --- .../moa/id/entrypoints/DispatcherServlet.java | 2 +- .../id/protocols/stork2/AttributeCollector.java | 12 ++- .../moa/id/protocols/stork2/AttributeProvider.java | 1 + .../protocols/stork2/AttributeProviderFactory.java | 98 +++++++++++----------- .../id/protocols/stork2/MISAttributeProvider.java | 22 ++++- .../moa/id/protocols/stork2/MOASTORKRequest.java | 2 +- .../protocols/stork2/MandateRetrievalRequest.java | 28 +++++++ .../moa/id/protocols/stork2/STORKProtocol.java | 8 +- 8 files changed, 116 insertions(+), 57 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 3af8bcfe5..647c8bb39 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -491,7 +491,7 @@ public class DispatcherServlet extends AuthServlet{ } } catch (Throwable e) { - Logger.info("An authentication error occous: " + e.getMessage());; + Logger.info("An authentication error occured: " + e.getMessage());; // Try handle module specific, if not possible rethrow if (!info.generateErrorMessage(e, req, resp, protocolRequest)) { throw e; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 57c68e94c..030d7c497 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -124,15 +124,18 @@ public class AttributeCollector implements IAction { try { // for each attribute still missing for (PersonalAttribute currentAttribute : missingAttributes) { + Logger.error("Checking missing attribute: " + currentAttribute.getName()); // - check if we can find a suitable AttributeProvider Plugin for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { try { // - hand over control to the suitable plugin + Logger.error("Going to acquire missing attribute: " + currentAttribute.getName() + " at provider: " + currentProvider.getClass().getName()); IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); // - add the aquired attribute to the container - for (PersonalAttribute current : aquiredAttributes) - container.getResponse().getPersonalAttributeList().add(current); + + try { for (PersonalAttribute current : aquiredAttributes) + container.getResponse().getPersonalAttributeList().add(current); } catch (NullPointerException ex) { Logger.error ("Nothing found");} } catch (UnsupportedAttributeException e) { // ok, try the next attributeprovider } catch (MOAIDException e) { @@ -154,6 +157,7 @@ public class AttributeCollector implements IAction { } catch (ExternalAttributeRequestRequiredException e) { // the attribute request is ongoing and requires an external service. + Logger.error("EXTERNAL EXCEPTION CAUGHT"); try { // memorize the container again // - generate new key @@ -163,19 +167,19 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL + Logger.info("Performing redirect to gather attributes to: " + AuthConfigurationProvider.getInstance().getPublicURLPrefix()); e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); + e1.printStackTrace(); throw new MOAIDException("stork.11", null); } return "12345"; // TODO what to do here? } - - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index 59376fef6..2ecae1288 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -52,4 +52,5 @@ public interface AttributeProvider { */ public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException; + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index 23edf69f9..953758dc3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -1,59 +1,61 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; + import java.util.ArrayList; import java.util.List; -import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; - /** * A factory for creating AttributeProvider objects. */ public class AttributeProviderFactory { - /** - * Gets the available plugins. - * - * @return the available plugins - */ - public static List getAvailablePlugins() { - List result = new ArrayList(); - result.add("StorkAttributeRequestProvider"); - result.add("EHvdAttributeProvider"); - - return result; - } - - /** - * Creates an AttributeProvider object for the given shortname. Returns - * {@code null} if there is no such provider available. - * - * @param shortname - * the simpleName for the providers class - * @return the attribute provider - */ - public static AttributeProvider create(String shortname, String url) { - if (shortname.equals("StorkAttributeRequestProvider")) { - return new StorkAttributeRequestProvider(url); - } else if(shortname.equals("EHvdAttributeProvider")) { - return new EHvdAttributeProviderPlugin(url); - } else { - return null; - } - } - - /** - * Gets fresh instances of the configured plugins. - * - * @param configuredAPs the configured a ps - * @return the configured plugins - */ - public static List getConfiguredPlugins( - List configuredAPs) { - - List result = new ArrayList(); - for(AttributeProviderPlugin current : configuredAPs) - result.add(create(current.getName(), current.getUrl())); - - return result; - } + /** + * Gets the available plugins. + * + * @return the available plugins + */ + public static List getAvailablePlugins() { + List result = new ArrayList(); + result.add("StorkAttributeRequestProvider"); + result.add("EHvdAttributeProvider"); + result.add("MISAttributeProvider"); + + return result; + } + + /** + * Creates an AttributeProvider object for the given shortname. Returns + * {@code null} if there is no such provider available. + * + * @param shortname the simpleName for the providers class + * @return the attribute provider + */ + public static AttributeProvider create(String shortname, String url) { + if (shortname.equals("StorkAttributeRequestProvider")) { + return new StorkAttributeRequestProvider(url); + } else if (shortname.equals("EHvdAttributeProvider")) { + return new EHvdAttributeProviderPlugin(url); + } else if (shortname.equals("MISAttributeProvider")) { + return new MISAttributeProvider(url); + } else { + return null; + } + } + + /** + * Gets fresh instances of the configured plugins. + * + * @param configuredAPs the configured a ps + * @return the configured plugins + */ + public static List getConfiguredPlugins( + List configuredAPs) { + + List result = new ArrayList(); + for (AttributeProviderPlugin current : configuredAPs) + result.add(create(current.getName(), current.getUrl())); + + return result; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java index 7665bb239..8cdbfd37c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -13,15 +14,34 @@ import javax.servlet.http.HttpServletResponse; * Implements Attribute Provider for Mandates */ public class MISAttributeProvider implements AttributeProvider { + + String url = null; + + public MISAttributeProvider(String url) { + this.url = url; + } + public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + Logger.error("Entering MIS for attribute: " + attributes.getName()); + + if (attributes.getName().equals("residencePermit")) { + Logger.error("MIS EXCEPTION: " + attributes.getName()); + throw new ExternalAttributeRequestRequiredException(this); + } + return null; // } public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { - // + Logger.error("Entering MIS redirect for attribute: " ); + } public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { return null; // } + + public String getName() { + return "MandateProvider"; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index 47a86174f..39a6907c1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -52,7 +52,7 @@ public class MOASTORKRequest implements IRequest { return this.storkAttrQueryRequest; } - public String getOAURL() { + public String getOAURL() { // TODO CHECK IT if (isAuthnRequest) return storkAuthnRequest.getAssertionConsumerServiceURL(); else if (isAttrRequest) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java new file mode 100644 index 000000000..bad711dbb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import com.sun.xml.ws.security.trust.WSTrustConstants; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Processes mandate data after authentication is done in AT + * @author bsuzic + */ +public class MandateRetrievalRequest implements IAction { + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + return null; // + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + return true; + } + + public String getDefaultActionName() { + return STORKProtocol.MANDATERETRIEVALREQUEST; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index e68b66510..3762a5101 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -31,6 +31,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; public static final String ATTRIBUTE_COLLECTOR = "AttributeCollector"; + public static final String MANDATERETRIEVALREQUEST = "MandateRetrievalRequest"; private static HashMap actions = new HashMap(); @@ -102,16 +103,19 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { authnRequest = authnEngine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } catch (ClassCastException e) { + Logger.error("Could not extract authenticaiton request"); } - // check if a valid attr request is container + // check if a valid attr request is containerd try { attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } catch (ClassCastException e) { + Logger.error("Could not extract attribute request"); } - // if there is no authn or attr request, raise error if ((authnRequest == null) && (attrRequest == null)) { Logger.error("There is no authentication or attribute request contained."); -- cgit v1.2.3 From e503775e1b98bb9ff5ed188a5ff574026c022461 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 4 Mar 2014 13:21:14 +0100 Subject: refactored attributecollector url --- .../at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index c5125912a..bd32bfc78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -164,7 +164,7 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getSpCountry(), request, response, oaParam); + e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getSpCountry(), request, response, oaParam); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? -- cgit v1.2.3 From 4843bccbf840ae93f855ef6548683ee794593915 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 4 Mar 2014 13:23:37 +0100 Subject: vidp can handle attrquery and authnrequest --- .../id/protocols/stork2/AttributeCollector.java | 34 +++++----- .../id/protocols/stork2/AuthenticationRequest.java | 68 +++++++++----------- .../moa/id/protocols/stork2/DataContainer.java | 24 +++---- .../moa/id/protocols/stork2/MOASTORKRequest.java | 29 ++++++++- .../moa/id/protocols/stork2/MOASTORKResponse.java | 75 ++++++++++++++++++++++ .../moa/id/protocols/stork2/STORKProtocol.java | 16 ++--- 6 files changed, 169 insertions(+), 77 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index bd32bfc78..5f46153af 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -19,8 +19,6 @@ import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import eu.stork.peps.auth.commons.STORKAuthnResponse; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.apache.velocity.Template; @@ -183,15 +181,18 @@ public class AttributeCollector implements IAction { * @throws MOAIDException the mOAID exception */ private void generateSTORKResponse(DataContainer container) throws MOAIDException { - STORKAuthnResponse authnResponse = container.getResponse(); - STORKAuthnRequest authnRequest = container.getRequest(); + MOASTORKRequest request = container.getRequest(); + MOASTORKResponse response = container.getResponse(); try { //Get SAMLEngine instance STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); Logger.debug("Starting generation of SAML response"); - authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false); - + if(response.isAuthnResponse()) + response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false)); + else + response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false)); + //generateSAML Token Logger.info("SAML response succesfully generated!"); } catch (STORKSAMLEngineException e) { @@ -200,11 +201,6 @@ public class AttributeCollector implements IAction { } Logger.info("STORK SAML Response message succesfully generated "); - Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); - Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); - Logger.debug("authn saml encodedx: " + PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml())); - - container.setResponse(authnResponse); } /** @@ -214,17 +210,23 @@ public class AttributeCollector implements IAction { * @param container the container */ private void generateRedirectResponse(HttpServletResponse httpResp, DataContainer container) { - STORKAuthnResponse authnResponse = container.getResponse(); - STORKAuthnRequest authnRequest = container.getRequest(); + MOASTORKResponse authnResponse = container.getResponse(); + MOASTORKRequest authnRequest = container.getRequest(); // preparing redirection for the client try { VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); VelocityContext context = new VelocityContext(); - - context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml()).getBytes()); - Logger.debug("SAMLResponse original: " + new String(authnResponse.getTokenSaml()).getBytes()); + + byte[] blob; + if(authnRequest.isAttrRequest()) + blob = authnResponse.getStorkAttrQueryResponse().getTokenSaml(); + else + blob = authnResponse.getStorkAuthnResponse().getTokenSaml(); + + context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob).getBytes()); + Logger.debug("SAMLResponse original: " + new String(blob).getBytes()); Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL()); context.put("action", authnRequest.getAssertionConsumerServiceURL()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 18d0b479e..619935abe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -44,61 +44,55 @@ public class AuthenticationRequest implements IAction { Logger.debug("Entering MOASTORKRequest"); httpResp.reset(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + MOASTORKResponse moaStorkResponse = new MOASTORKResponse(); + // check if it is attribute query if (moaStorkRequest.isAttrRequest()) { Logger.debug("Starting AttrQueryRequest"); - STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse(); - IPersonalAttributeList personalAttributeList = moaStorkRequest.getStorkAttrQueryRequest().getPersonalAttributeList(); - - // TODO Check if this instance is eligible to fetch attributes locally, assuming yes - - return (new AttributeCollector()).processRequest(req, httpReq, httpResp, moasession); - - } else - // check if we have authentication request - if (moaStorkRequest.isAuthnRequest()) { - Logger.debug("Starting AuthenticationRequest"); - - STORKAuthnResponse authnResponse = new STORKAuthnResponse(); - authnResponse.setCountry(moaStorkRequest.getStorkAuthnRequest().getSpCountry()); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); - - // Get personal attributtes from MOA/IdentityLink - authnResponse.setPersonalAttributeList(populateAttributes()); + + moaStorkResponse.setSTORKAttrResponse(new STORKAttrQueryResponse()); + } + // check if we have authentication request + else if (moaStorkRequest.isAuthnRequest()) { + Logger.debug("Starting AuthenticationRequest"); - // Prepare extended attributes - Logger.debug("Preparing data container"); + moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse()); + // Get personal attributtes from MOA/IdentityLink + moaStorkResponse.setPersonalAttributeList(populateAttributes()); + } + + moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); - // create fresh container - DataContainer container = new DataContainer(); + // Prepare extended attributes + Logger.debug("Preparing data container"); - // - fill in the request we extracted above - container.setRequest(moaStorkRequest.getStorkAuthnRequest()); + // create fresh container + DataContainer container = new DataContainer(); - // - fill in the partial response created above - container.setResponse(authnResponse); + // - fill in the request we extracted above + container.setRequest(moaStorkRequest); - // - memorize the target url were we have to return the result - container.setTarget(moaStorkRequest.getStorkAuthnRequest().getAssertionConsumerServiceURL()); + // - fill in the partial response created above + container.setResponse(moaStorkResponse); - container.setRemoteAddress(httpReq.getRemoteAddr()); + // - memorize the target url were we have to return the result + container.setTarget(moaStorkRequest.getAssertionConsumerServiceURL()); + container.setRemoteAddress(httpReq.getRemoteAddr()); - Logger.debug("Data container prepared"); - return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); + Logger.debug("Data container prepared"); - } + return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); } else { Logger.error("Could not recognize request."); throw new MOAIDException("stork.15", null); } - - return null; } public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java index a1c40526d..74239318b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java @@ -2,10 +2,6 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.io.Serializable; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import eu.stork.peps.auth.commons.STORKAuthnResponse; - -// TODO: Auto-generated Javadoc /** * Holds info about an ongoing but yet incomplete stork authnrequest process. */ @@ -15,10 +11,10 @@ public class DataContainer implements Serializable { private static final long serialVersionUID = -8765997480582363012L; /** The incoming request. */ - private STORKAuthnRequest request; + private MOASTORKRequest request; /** The yet incomplete response. */ - private STORKAuthnResponse response; + private MOASTORKResponse response; /** The target. */ private String target; @@ -31,17 +27,17 @@ public class DataContainer implements Serializable { * * @return the request */ - public STORKAuthnRequest getRequest() { + public MOASTORKRequest getRequest() { return request; } /** * Sets the request. * - * @param request the new request + * @param moaStorkRequest the new request */ - public void setRequest(STORKAuthnRequest request) { - this.request = request; + public void setRequest(MOASTORKRequest moaStorkRequest) { + this.request = moaStorkRequest; } /** @@ -49,17 +45,17 @@ public class DataContainer implements Serializable { * * @return the response */ - public STORKAuthnResponse getResponse() { + public MOASTORKResponse getResponse() { return response; } /** * Sets the response. * - * @param response the new response + * @param moaStorkResponse the new response */ - public void setResponse(STORKAuthnResponse response) { - this.response = response; + public void setResponse(MOASTORKResponse moaStorkResponse) { + this.response = moaStorkResponse; } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index 47a86174f..fa7db82c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -1,7 +1,10 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import java.io.Serializable; + import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.commons.STORKAuthnRequest; @@ -11,8 +14,9 @@ import eu.stork.peps.auth.commons.STORKAuthnRequest; * @author bsuzic */ -public class MOASTORKRequest implements IRequest { - private String requestID; +public class MOASTORKRequest implements IRequest, Serializable { + private static final long serialVersionUID = 4581953368724501376L; + private String requestID; private String target = null; String module = null; String action = null; @@ -102,4 +106,25 @@ public class MOASTORKRequest implements IRequest { public String getRequestID() { return this.requestID; } + + public IPersonalAttributeList getPersonalAttributeList() { + if(isAttrRequest()) + return this.storkAttrQueryRequest.getPersonalAttributeList(); + else + return this.storkAuthnRequest.getPersonalAttributeList(); + } + + public String getSpCountry() { + if(isAttrRequest()) + return this.storkAttrQueryRequest.getSpCountry(); + else + return this.storkAuthnRequest.getSpCountry(); + } + + public String getAssertionConsumerServiceURL() { + if(isAttrRequest()) + return this.storkAttrQueryRequest.getAssertionConsumerServiceURL(); + else + return this.storkAuthnRequest.getAssertionConsumerServiceURL(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java new file mode 100644 index 000000000..36f5a80b4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java @@ -0,0 +1,75 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.io.Serializable; + +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAttrQueryResponse; +import eu.stork.peps.auth.commons.STORKAuthnResponse; + +/** + * Implements MOA request and stores StorkAuthn/Attr-Request related data + * + * @author bsuzic + */ + +public class MOASTORKResponse implements Serializable { + private static final long serialVersionUID = -5798803155055518747L; + private STORKAuthnResponse storkAuthnRequest; + private STORKAttrQueryResponse storkAttrQueryRequest; + private boolean isAttrRequest = false; + private boolean isAuthnRequest = false; + + public void setSTORKAuthnResponse(STORKAuthnResponse request) { + this.storkAuthnRequest = request; + if (request != null) { + isAuthnRequest = true; + } + } + + public void setSTORKAttrResponse(STORKAttrQueryResponse request) { + this.storkAttrQueryRequest = request; + if (request != null) { + isAttrRequest = true; + } + } + + public boolean isAttrResponse() { + return this.isAttrRequest; + } + + public boolean isAuthnResponse() { + return this.isAuthnRequest; + } + + + public STORKAuthnResponse getStorkAuthnResponse() { + return this.storkAuthnRequest; + } + + public STORKAttrQueryResponse getStorkAttrQueryResponse() { + return this.storkAttrQueryRequest; + } + + public IPersonalAttributeList getPersonalAttributeList() { + if(isAttrResponse()) + return this.storkAttrQueryRequest.getPersonalAttributeList(); + else + return this.storkAuthnRequest.getPersonalAttributeList(); + } + + public void setPersonalAttributeList(PersonalAttributeList populateAttributes) { + if(isAttrResponse()) + this.storkAttrQueryRequest.setPersonalAttributeList(populateAttributes); + else + this.storkAuthnRequest.setPersonalAttributeList(populateAttributes); + } + + public void setCountry(String spCountry) { + if(isAttrResponse()) + this.storkAttrQueryRequest.setCountry(spCountry); + else + this.storkAuthnRequest.setCountry(spCountry); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index e68b66510..d2f2ff663 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -102,14 +102,14 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { authnRequest = authnEngine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); - } - - - // check if a valid attr request is container - try { - attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken); - } catch (STORKSAMLEngineException ex) { - Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } catch(ClassCastException e) { + // we do not have a authnRequest + // check if a valid attr request is container + try { + attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken); + } catch (STORKSAMLEngineException ex) { + Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } } // if there is no authn or attr request, raise error -- cgit v1.2.3 From 4e5383a60b4cc2db7b51883f2e85aeff6f3f70cd Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 4 Mar 2014 16:09:21 +0100 Subject: fixed eHVD plugin --- .../id/protocols/stork2/AttributeCollector.java | 4 +-- .../stork2/EHvdAttributeProviderPlugin.java | 39 ++++++++++++++++------ 2 files changed, 30 insertions(+), 13 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 5f46153af..7342a45aa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -225,8 +225,8 @@ public class AttributeCollector implements IAction { else blob = authnResponse.getStorkAuthnResponse().getTokenSaml(); - context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob).getBytes()); - Logger.debug("SAMLResponse original: " + new String(blob).getBytes()); + context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob)); + Logger.debug("SAMLResponse original: " + new String(blob)); Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL()); context.put("action", authnRequest.getAssertionConsumerServiceURL()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 4404af4e3..f97d8c804 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -8,6 +8,7 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.soap.MessageFactory; import javax.xml.soap.SOAPBody; @@ -27,6 +28,7 @@ import javax.xml.transform.stream.StreamResult; import org.w3c.dom.Document; import org.w3c.dom.Element; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -61,7 +63,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { ExternalAttributeRequestRequiredException, MOAIDException { // break when we cannot handle the requested attribute - if(!attributes.getFriendlyName().equals("isHCP")) + if(!attributes.getName().equals("isHealthCareProfessional")) throw new UnsupportedAttributeException(); try { @@ -95,8 +97,9 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { // SOAP Body SOAPBody requestBody = envelope.getBody(); SOAPElement requestBodyElem = requestBody.addChildElement("IsHealthcareProfessional"); + requestBodyElem.addAttribute(new QName("xmlns"), "http://gesundheit.gv.at/BAGDAD/DataAccessService"); SOAPElement requestBodyElem1 = requestBodyElem.addChildElement("bPK"); - requestBodyElem1.addTextNode(moasession.getIdentityLink().getIdentificationValue()); + requestBodyElem1.addTextNode(new BPKBuilder().buildBPK(moasession.getIdentityLink().getIdentificationValue(), "GH")); requestMessage.saveChanges(); @@ -154,26 +157,34 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { if (collection.get("IsHealthcareProfessional").equals("false")) { // the citizen is no HCP - acquiredAttribute = new PersonalAttribute("isHCP", false, new ArrayList(), "NotAvailable"); + acquiredAttribute = new PersonalAttribute("isHealthCareProfessional", false, new ArrayList(), "NotAvailable"); } else { // go on and parse the data Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); + + // create the root element + Element root = doc.createElement("isHealthCareProfessional"); + doc.appendChild(root); Element orgname = doc.createElement("nameOfOrganisation"); - orgname.appendChild(doc.createTextNode(collection.get("NameOfOrganization"))); - doc.appendChild(orgname); + orgname.appendChild(doc.createTextNode(collection.get("NameOfOrganisation"))); + root.appendChild(orgname); Element type = doc.createElement("HCP"); // TODO fix value mapping - if (collection.get("Type").equals("Medical Doctors")) + if (collection.get("Type").equals("Medical doctor")) type.appendChild(doc.createTextNode("D")); - doc.appendChild(type); + root.appendChild(type); Element specialization = doc.createElement("specialisation"); - // TODO fix value mapping - specialization.appendChild(doc.createTextNode(collection.get("Specialization").substring(0, 2))); - doc.appendChild(specialization); + if (collection.get("Specialization").contains("Arzt für Allgemeinmedizin")) + specialization.appendChild(doc.createTextNode("GP")); + root.appendChild(specialization); + + Element aqaa = doc.createElement("AQAA"); + aqaa.appendChild(doc.createTextNode("4")); + root.appendChild(aqaa); // get string from dom tree Source source = new DOMSource(doc); @@ -187,12 +198,18 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { ArrayList value = new ArrayList(); value.add(out.toString()); - acquiredAttribute = new PersonalAttribute("isHCP", false, value, "Available"); + acquiredAttribute = new PersonalAttribute("isHealthCareProfessional", false, value, "Available"); } // pack and return the result PersonalAttributeList result = new PersonalAttributeList(); result.add(acquiredAttribute); + + // add stork id for verification + ArrayList value = new ArrayList(); + value.add(new BPKBuilder().buildStorkbPK(moasession.getIdentityLink().getIdentificationValue(), "IT")); + result.add(new PersonalAttribute("eIdentifier", false, value, "Available")); + return result; } catch (Exception e) { -- cgit v1.2.3 From 7ce4c799eb26f65ef8826b74d0fb09a8d1f4949d Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 4 Mar 2014 17:05:01 +0100 Subject: fixed response handling --- .../id/protocols/stork2/AttributeCollector.java | 22 +++++++++++----------- .../moa/id/protocols/stork2/STORKProtocol.java | 9 +++++---- 2 files changed, 16 insertions(+), 15 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 7342a45aa..b2f5076b6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -49,8 +49,18 @@ public class AttributeCollector implements IAction { */ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + // - fetch the container + String artifactId = (String) httpReq.getParameter(ARTIFACT_ID); + DataContainer container; + try { + container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); + } catch (MOADatabaseException e) { + Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); + throw new MOAIDException("stork.11", null); + } + // read configuration parameters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL()); if (oaParam == null) throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); @@ -73,16 +83,6 @@ public class AttributeCollector implements IAction { Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); } - // - fetch the container - String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); - DataContainer container; - try { - container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); - } catch (MOADatabaseException e) { - Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); - throw new MOAIDException("stork.11", null); - } - // - insert the embedded attribute(s) into the container addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index d2f2ff663..638035008 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -71,16 +71,17 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.debug("Request content length: " + request.getContentLength()); Logger.debug("Initiating action: " + action); + MOASTORKRequest STORK2Request = new MOASTORKRequest(); + + if (AttributeCollector.class.getSimpleName().equals(action)) + return STORK2Request; + HTTPInTransport profileReq = new HttpServletRequestAdapter(request); HTTPOutTransport profileResp = new HttpServletResponseAdapter(response, request.isSecure()); - BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); samlMessageContext.setInboundMessageTransport(profileReq); - MOASTORKRequest STORK2Request = new MOASTORKRequest(); - - //extract STORK Response from HTTP Request byte[] decSamlToken; try { -- cgit v1.2.3 From cd0887a43b0b4350e736433c2b513901a2151601 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Mar 2014 17:51:06 +0100 Subject: after merge, having problem --- .../java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 2 +- .../egovernment/moa/id/protocols/stork2/AttributeCollector.java | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index ce5aa15c3..6f6d9611a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -125,7 +125,7 @@ import at.gv.util.xsd.srzgw.MISType; import at.gv.util.xsd.srzgw.MISType.Filters; import eu.stork.oasisdss.api.AdditionalProfiles; import eu.stork.oasisdss.api.ApiUtils; -import eu.stork.oasisdss.api.ApiUtilsException; +import eu.stork.oasisdss.api.exceptions.ApiUtilsException; import eu.stork.oasisdss.api.Profiles; import eu.stork.oasisdss.api.QualityLevels; import eu.stork.oasisdss.api.SignatureTypes; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 84831a7b5..10cdcba6c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -62,7 +62,12 @@ public class AttributeCollector implements IAction { this.httpResp = httpResp; - // find the attribute provider plugin that can handle the response + // read configuration parameters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + + // find the attribute provider plugin that can handle the response IPersonalAttributeList newAttributes = null; for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) try { @@ -167,7 +172,7 @@ public class AttributeCollector implements IAction { } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); - throw new MOAIDException("stork.11", An Introduction to Knowledge Engineeringnull); + throw new MOAIDException("stork.11", null); } return "12345"; // TODO what to do here? -- cgit v1.2.3 From 55885d24e176c92b97af233796189c8b2cc88808 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Mar 2014 20:16:23 +0100 Subject: attr --- .../moa/id/protocols/stork2/AttributeCollector.java | 15 +++++++-------- .../moa/id/protocols/stork2/MISAttributeProvider.java | 2 +- 2 files changed, 8 insertions(+), 9 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 10cdcba6c..e816725c8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -48,9 +48,8 @@ import eu.stork.peps.auth.commons.PersonalAttribute; public class AttributeCollector implements IAction { /** - * The Constant ARTIFACT_ID. - */ - private static final String ARTIFACT_ID = "artifactId"; + /** The Constant ARTIFACT_ID. */ + private static final String ARTIFACT_ID = "artifactId"; private DataContainer container; private HttpServletResponse httpResp; @@ -62,12 +61,12 @@ public class AttributeCollector implements IAction { this.httpResp = httpResp; - // read configuration parameters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + // read configuration parameters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); - // find the attribute provider plugin that can handle the response + // find the attribute provider plugin that can handle the response IPersonalAttributeList newAttributes = null; for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java index 8cdbfd37c..ec38db513 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java @@ -26,7 +26,7 @@ public class MISAttributeProvider implements AttributeProvider { if (attributes.getName().equals("residencePermit")) { Logger.error("MIS EXCEPTION: " + attributes.getName()); - throw new ExternalAttributeRequestRequiredException(this); + //throw new ExternalAttributeRequestRequiredException(this); } return null; // -- cgit v1.2.3 From 458a579978fa4fd0718c754bb8b6ca41f82d8145 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Mar 2014 20:33:36 +0100 Subject: after chaning --- .../id/protocols/stork2/AttributeCollector.java | 58 +--------------------- 1 file changed, 2 insertions(+), 56 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 72dddee88..0317322ee 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -15,25 +15,6 @@ import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; -<<<<<<< HEAD - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; - -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PEPSUtil; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import eu.stork.peps.auth.commons.STORKAuthnResponse; -import eu.stork.peps.auth.engine.STORKSAMLEngine; -import eu.stork.peps.exceptions.STORKSAMLEngineException; -======= import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -47,7 +28,6 @@ import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; ->>>>>>> origin/bs_3_fr /** * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins. @@ -56,7 +36,6 @@ import javax.servlet.http.HttpServletResponse; * interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes. * * TODO how do we treat mandatory and optional attributes? - * */ public class AttributeCollector implements IAction { @@ -70,8 +49,6 @@ public class AttributeCollector implements IAction { */ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { -<<<<<<< HEAD -======= // - fetch the container String artifactId = (String) httpReq.getParameter(ARTIFACT_ID); DataContainer container; @@ -82,7 +59,6 @@ public class AttributeCollector implements IAction { throw new MOAIDException("stork.11", null); } ->>>>>>> origin/bs_3_fr // read configuration parameters of OA OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL()); if (oaParam == null) @@ -107,33 +83,20 @@ public class AttributeCollector implements IAction { Logger.error("No attribute could be retrieved from the response the attribute provider gave us."); } -<<<<<<< HEAD - // - fetch the container - String artifactId = (String) httpReq.getAttribute(ARTIFACT_ID); - DataContainer container; - try { - container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); - } catch (MOADatabaseException e) { - Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); - throw new MOAIDException("stork.11", null); - } - -======= ->>>>>>> origin/bs_3_fr // - insert the embedded attribute(s) into the container addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes); // see if we need some more attributes return processRequest(container, httpReq, httpResp, moasession, oaParam); } - + /** * Checks if there are missing attributes and tries to fetch them. If there are no more attribute to fetch, * this very method creates and sends the protocol result to the asking S-PEPS. * * @param container the {@link DataContainer} representing the status of the overall query. * @return the string - * @throws MOAIDException + * @throws MOAIDException */ public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { // check if there are attributes we need to fetch @@ -199,11 +162,7 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL -<<<<<<< HEAD - e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getSpCountry(), request, response, oaParam); -======= e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getSpCountry(), request, response, oaParam); ->>>>>>> origin/bs_3_fr } catch (Exception e1) { // TODO should we return the response as is to the PEPS? @@ -222,13 +181,8 @@ public class AttributeCollector implements IAction { * @throws MOAIDException the mOAID exception */ private void generateSTORKResponse(DataContainer container) throws MOAIDException { -<<<<<<< HEAD - STORKAuthnResponse authnResponse = container.getResponse(); - STORKAuthnRequest authnRequest = container.getRequest(); -======= MOASTORKRequest request = container.getRequest(); MOASTORKResponse response = container.getResponse(); ->>>>>>> origin/bs_3_fr try { //Get SAMLEngine instance @@ -247,14 +201,6 @@ public class AttributeCollector implements IAction { } Logger.info("STORK SAML Response message succesfully generated "); -<<<<<<< HEAD - Logger.debug("authn saml plain:" + authnResponse.getTokenSaml()); - Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); - Logger.debug("authn saml encodedx: " + PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml())); - - container.setResponse(authnResponse); -======= ->>>>>>> origin/bs_3_fr } /** -- cgit v1.2.3 From 683209b2aabf589e1e22ed9cb7c69d6e76442bb0 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 4 Mar 2014 20:40:29 +0100 Subject: after merging, inspecting, fixing, tbc. --- .../moa/id/protocols/stork2/STORKProtocol.java | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 5e9d50221..a361d5f67 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IAction; @@ -105,20 +104,6 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { authnRequest = authnEngine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); -<<<<<<< HEAD - } catch (ClassCastException e) { - Logger.error("Could not extract authenticaiton request"); - } - - - // check if a valid attr request is containerd - try { - attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken); - } catch (STORKSAMLEngineException ex) { - Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); - } catch (ClassCastException e) { - Logger.error("Could not extract attribute request"); -======= } catch(ClassCastException e) { // we do not have a authnRequest // check if a valid attr request is container @@ -127,8 +112,8 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); } ->>>>>>> origin/bs_3_fr } + // if there is no authn or attr request, raise error if ((authnRequest == null) && (attrRequest == null)) { Logger.error("There is no authentication or attribute request contained."); -- cgit v1.2.3 From b454a8760bc2692d3d9c4fa3d0477c620895a95b Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 5 Mar 2014 07:44:28 +0100 Subject: check whether attributes obtained from different sources match --- .../gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index b2f5076b6..aad80512a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -257,6 +257,13 @@ public class AttributeCollector implements IAction { for (PersonalAttribute current : source) { // check if we need to update the current pa if (target.containsKey(current.getName())) { + PersonalAttribute existing = target.get(current.getName()); + if(!(existing.isEmptyValue() && existing.isEmptyComplexValue())) + if(!(existing.getValue().equals(current.getValue()) || existing.getComplexValue().equals(current.getComplexValue()))) { + Logger.error("Attribute Value does not match the value from first authentication!"); + throw new MOAIDException("stork.14", null); + } + target.get(current.getName()).setStatus(current.getStatus()); target.get(current.getName()).setValue(current.getValue()); target.get(current.getName()).setComplexValue(current.getComplexValue()); -- cgit v1.2.3 From dbbf8045afe2ddf9a1ba4a4f511d85ffcba32cf8 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 5 Mar 2014 08:00:01 +0100 Subject: fixed bug in loop prevention --- .../at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java | 1 + 1 file changed, 1 insertion(+) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index aad80512a..7aab42426 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -119,6 +119,7 @@ public class AttributeCollector implements IAction { */ IPersonalAttributeList aquiredAttributes = new PersonalAttributeList(); currentAttribute.setStatus("notAvailable"); + aquiredAttributes.add((PersonalAttribute) currentAttribute.clone()); addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes); // - check if we can find a suitable AttributeProvider Plugin -- cgit v1.2.3 From 1ba3c2042e0c4da08af39db6172ff1206dfece36 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 5 Mar 2014 10:22:46 +0100 Subject: ap plugins can be configured to listen to certain attributes --- .../moa/id/protocols/stork2/AttributeProviderFactory.java | 8 ++++---- .../id/protocols/stork2/EHvdAttributeProviderPlugin.java | 11 ++++++++--- .../id/protocols/stork2/StorkAttributeRequestProvider.java | 13 +++++++++++-- 3 files changed, 23 insertions(+), 9 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index 23edf69f9..de079c960 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -31,11 +31,11 @@ public class AttributeProviderFactory { * the simpleName for the providers class * @return the attribute provider */ - public static AttributeProvider create(String shortname, String url) { + public static AttributeProvider create(String shortname, String url, String attributes) { if (shortname.equals("StorkAttributeRequestProvider")) { - return new StorkAttributeRequestProvider(url); + return new StorkAttributeRequestProvider(url, attributes); } else if(shortname.equals("EHvdAttributeProvider")) { - return new EHvdAttributeProviderPlugin(url); + return new EHvdAttributeProviderPlugin(url, attributes); } else { return null; } @@ -52,7 +52,7 @@ public class AttributeProviderFactory { List result = new ArrayList(); for(AttributeProviderPlugin current : configuredAPs) - result.add(create(current.getName(), current.getUrl())); + result.add(create(current.getName(), current.getUrl(), current.getAttributes())); return result; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index f97d8c804..a36855d33 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -44,26 +44,31 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /** The destination. */ private Object destination; + + /** The attributes. */ + private String attributes; /** * Instantiates a new e hvd attribute provider plugin. * * @param url the service url + * @param attributes */ - public EHvdAttributeProviderPlugin(String url) { + public EHvdAttributeProviderPlugin(String url, String supportedAttributes) { destination = url; + attributes = supportedAttributes; } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) */ @Override - public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) + public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { // break when we cannot handle the requested attribute - if(!attributes.getName().equals("isHealthCareProfessional")) + if(!attributes.contains(attribute.getName())) throw new UnsupportedAttributeException(); try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index 797695a00..d8becaaf7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -34,14 +34,19 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /** The destination. */ private String destination; - + + /** The attributes. */ + private String attributes; + /** * Instantiates a new stork attribute request provider. * * @param apUrl the AP location + * @param supportedAttributes the supported attributes as csv */ - public StorkAttributeRequestProvider(String apUrl) { + public StorkAttributeRequestProvider(String apUrl, String supportedAttributes) { destination = apUrl; + attributes = supportedAttributes; } /* (non-Javadoc) @@ -49,6 +54,10 @@ public class StorkAttributeRequestProvider implements AttributeProvider { */ public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { + + if (!attributes.contains(attribute.getName())) + throw new UnsupportedAttributeException(); + requestedAttributes = new PersonalAttributeList(1); requestedAttributes.add(attribute); throw new ExternalAttributeRequestRequiredException(this); -- cgit v1.2.3 From 31a10590f3efee8aca463b43623ee689f7b0c605 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 5 Mar 2014 10:33:14 +0100 Subject: fixed throws declaration --- .../at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 7aab42426..f23e0f599 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -253,8 +253,9 @@ public class AttributeCollector implements IAction { * * @param target the target * @param source the source + * @throws MOAIDException */ - private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) { + private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) throws MOAIDException { for (PersonalAttribute current : source) { // check if we need to update the current pa if (target.containsKey(current.getName())) { -- cgit v1.2.3 From 19e164874ea92d51f9df12f56047d77db9683091 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 5 Mar 2014 20:57:05 +0100 Subject: storkid derivation pro country --- .../moa/id/auth/AuthenticationServer.java | 3928 ++++++++++---------- .../id/auth/builder/InfoboxReadRequestBuilder.java | 197 +- .../gv/egovernment/moa/id/config/OAParameter.java | 20 +- 3 files changed, 2066 insertions(+), 2079 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 6f6d9611a..01a2e5485 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1,74 +1,9 @@ package at.gv.egovernment.moa.id.auth; -import iaik.asn1.ObjectID; -import iaik.util.logging.Log; -import iaik.x509.X509Certificate; -import iaik.x509.X509ExtensionInitException; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.StringWriter; -import java.math.BigInteger; -import java.security.NoSuchAlgorithmException; -import java.security.Principal; -import java.security.cert.CertificateException; -import java.util.ArrayList; -//import java.security.cert.CertificateFactory; -import java.util.Calendar; -import java.util.Date; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Vector; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.TransformerException; - -import org.apache.commons.io.IOUtils; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; -import org.apache.xpath.XPathAPI; -import org.opensaml.common.IdentifierGenerator; -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; -import org.opensaml.xml.util.Base64; -import org.opensaml.xml.util.XMLHelper; -import org.w3c.dom.DOMException; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; -import org.xml.sax.SAXException; - -import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; -import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.ServiceException; -import at.gv.egovernment.moa.id.auth.exception.ValidateException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.*; +import at.gv.egovernment.moa.id.auth.data.*; +import at.gv.egovernment.moa.id.auth.exception.*; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -81,13 +16,9 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; -//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; -//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; -//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.client.SZRGWClient; import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -109,13 +40,7 @@ import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.util.StringUtils; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moa.util.*; import at.gv.util.xsd.mis.MandateIdentifiers; import at.gv.util.xsd.mis.Target; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; @@ -123,12 +48,8 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import at.gv.util.xsd.srzgw.MISType; import at.gv.util.xsd.srzgw.MISType.Filters; -import eu.stork.oasisdss.api.AdditionalProfiles; -import eu.stork.oasisdss.api.ApiUtils; +import eu.stork.oasisdss.api.*; import eu.stork.oasisdss.api.exceptions.ApiUtilsException; -import eu.stork.oasisdss.api.Profiles; -import eu.stork.oasisdss.api.QualityLevels; -import eu.stork.oasisdss.api.SignatureTypes; import eu.stork.oasisdss.profile.AnyType; import eu.stork.oasisdss.profile.DocumentType; import eu.stork.oasisdss.profile.SignRequest; @@ -138,6 +59,42 @@ import eu.stork.peps.auth.commons.PersonalAttributeList; import eu.stork.peps.auth.commons.STORKAuthnRequest; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; +import iaik.asn1.ObjectID; +import iaik.util.logging.Log; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.apache.xpath.XPathAPI; +import org.opensaml.common.IdentifierGenerator; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.xml.util.Base64; +import org.opensaml.xml.util.XMLHelper; +import org.w3c.dom.*; +import org.xml.sax.SAXException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.StringWriter; +import java.math.BigInteger; +import java.security.NoSuchAlgorithmException; +import java.security.Principal; +import java.security.cert.CertificateException; +import java.util.*; + +//import java.security.cert.CertificateFactory; +//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; +//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; +//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; /** * API for MOA ID Authentication Service.
{@link AuthenticationSession} is @@ -149,148 +106,147 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException; */ public class AuthenticationServer implements MOAIDAuthConstants { - /** single instance */ - private static AuthenticationServer instance; - - /** - * time out in milliseconds used by {@link cleanup} for session store - */ - private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes - private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes - /** - * time out in milliseconds used by {@link cleanup} for authentication data - * store - */ - private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes - - /** - * Returns the single instance of AuthenticationServer. - * - * @return the single instance of AuthenticationServer - */ - public static AuthenticationServer getInstance() { - if (instance == null) - instance = new AuthenticationServer(); - return instance; - } - - /** - * Constructor for AuthenticationServer. - */ - public AuthenticationServer() { - super(); - } - - - /** - * Processes the beginning of an authentication session. - *

    - *
  • Starts an authentication session
    • - *
  • Creates an <InfoboxReadRequest>
    • - *
  • Creates an HTML form for querying the identity link from the security - * layer implementation.
    - * Form parameters include - *
      - *
    • the <InfoboxReadRequest>
      • - *
    • the data URL where the security layer implementation sends it - * response to
      • - *
    - *
- * - * @param authURL - * URL of the servlet to be used as data URL - * @param target - * "Geschäftsbereich" of the online application requested - * @param targetFriendlyName - * Friendly name of the target if the target is configured via - * configuration - * @param oaURL - * online application URL requested - * @param bkuURL - * URL of the "Bürgerkartenumgebung" to be used; may be - * null; in this case, the default location will be - * used - * @param useMandate - * Indicates if mandate is used or not - * @param templateURL - * URL providing an HTML template for the HTML form generated - * @param templateMandteURL - * URL providing an HTML template for the HTML form generated - * (for signing in mandates mode) - * @param req - * determines the protocol used - * @param sourceID - * @return HTML form - * @throws AuthenticationException - * @see GetIdentityLinkFormBuilder - * @see InfoboxReadRequestBuilder - */ - public String startAuthentication(AuthenticationSession session, HttpServletRequest req) throws WrongParametersException, - AuthenticationException, ConfigurationException, BuildException { - - if (session == null) { - throw new AuthenticationException("auth.18", new Object[] { }); - } - - //load OnlineApplication configuration - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() }); - - //load Template - String template = null; - if (session.getTemplateURL() != null) { - try { - - template = new String(FileUtils.readURL(session.getTemplateURL())); - } catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] { - session.getTemplateURL(), ex.toString() }, ex); - } - } - - String infoboxReadRequest = ""; - - String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim(); - if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { - //do not use SSO if no Target is set - Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); - session.setSsoRequested(false); - - } - - if (session.isSsoRequested()) { - //load identityLink with SSO Target - boolean isbuisness = false; - - if (domainIdentifier.startsWith(PREFIX_WPBK)) { - - isbuisness = true; - - } else { - isbuisness = false; - - } - - //build ReadInfobox request - infoboxReadRequest = new InfoboxReadRequestBuilder().build( - isbuisness, domainIdentifier); - - } else { - //build ReadInfobox request - infoboxReadRequest = new InfoboxReadRequestBuilder().build( - oaParam.getBusinessService(), oaParam - .getIdentityLinkDomainIdentifier()); - } - - - String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session - .getSessionID()); - - //removed in MOAID 2.0 - String pushInfobox = ""; + /** + * single instance + */ + private static AuthenticationServer instance; + + /** + * time out in milliseconds used by {@link cleanup} for session store + */ + private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes + private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes + /** + * time out in milliseconds used by {@link cleanup} for authentication data + * store + */ + private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes + + /** + * Returns the single instance of AuthenticationServer. + * + * @return the single instance of AuthenticationServer + */ + public static AuthenticationServer getInstance() { + if (instance == null) + instance = new AuthenticationServer(); + return instance; + } + + /** + * Constructor for AuthenticationServer. + */ + public AuthenticationServer() { + super(); + } + + + /** + * Processes the beginning of an authentication session. + *
    + *
  • Starts an authentication session
    • + *
  • Creates an <InfoboxReadRequest>
    • + *
  • Creates an HTML form for querying the identity link from the security + * layer implementation.
    + * Form parameters include + *
      + *
    • the <InfoboxReadRequest>
      • + *
    • the data URL where the security layer implementation sends it + * response to
      • + *
    + *
+ * + * @param authURL URL of the servlet to be used as data URL + * @param target "Geschäftsbereich" of the online application requested + * @param targetFriendlyName Friendly name of the target if the target is configured via + * configuration + * @param oaURL online application URL requested + * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; may be + * null; in this case, the default location will be + * used + * @param useMandate Indicates if mandate is used or not + * @param templateURL URL providing an HTML template for the HTML form generated + * @param templateMandteURL URL providing an HTML template for the HTML form generated + * (for signing in mandates mode) + * @param req determines the protocol used + * @param sourceID + * @return HTML form + * @throws AuthenticationException + * @see GetIdentityLinkFormBuilder + * @see InfoboxReadRequestBuilder + */ + public String startAuthentication(AuthenticationSession session, HttpServletRequest req) throws WrongParametersException, + AuthenticationException, ConfigurationException, BuildException { + + if (session == null) { + throw new AuthenticationException("auth.18", new Object[]{}); + } + + //load OnlineApplication configuration + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[]{session.getPublicOAURLPrefix()}); + + //load Template + String template = null; + if (session.getTemplateURL() != null) { + try { + + template = new String(FileUtils.readURL(session.getTemplateURL())); + } catch (IOException ex) { + throw new AuthenticationException("auth.03", new Object[]{ + session.getTemplateURL(), ex.toString()}, ex); + } + } + + String infoboxReadRequest = ""; + + String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim(); + if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { + //do not use SSO if no Target is set + Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); + session.setSsoRequested(false); + + } + + if (session.isSsoRequested()) { + //load identityLink with SSO Target + boolean isbuisness = false; + + if (domainIdentifier.startsWith(PREFIX_WPBK)) { + + isbuisness = true; + + } else { + isbuisness = false; + + } + + //build ReadInfobox request + infoboxReadRequest = new InfoboxReadRequestBuilder().build( + isbuisness, domainIdentifier); + + } else { + + if (oaParam.getStorkService()) + // build stork request + infoboxReadRequest = new InfoboxReadRequestBuilder().buildStorkReadRequest( + oaParam.getIdentityLinkDomainIdentifier()); + else + //build ReadInfobox request + infoboxReadRequest = new InfoboxReadRequestBuilder().build( + oaParam.getBusinessService(), oaParam + .getIdentityLinkDomainIdentifier()); + } + + + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session + .getSessionID()); + + //removed in MOAID 2.0 + String pushInfobox = ""; // VerifyInfoboxParameters verifyInfoboxParameters = oaParam // .getVerifyInfoboxParameters(); @@ -299,1787 +255,1743 @@ public class AuthenticationServer implements MOAIDAuthConstants { // session.setPushInfobox(pushInfobox); // } - //build CertInfo request - String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() - .build(); - String certInfoDataURL = new DataURLBuilder() - .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, - session.getSessionID()); - - //get Applet Parameters - String appletwidth = req.getParameter(PARAM_APPLET_WIDTH); - String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH); - appletheigth = StringEscapeUtils.escapeHtml(appletheigth); - appletwidth = StringEscapeUtils.escapeHtml(appletwidth); - - String htmlForm = new GetIdentityLinkFormBuilder().build(template, - session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, - certInfoDataURL, pushInfobox, oaParam, appletheigth, appletwidth); - - return htmlForm; - } - - /** - * Processes an <InfoboxReadResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <InfoboxReadResponse>
    • - *
  • Parses identity link enclosed in - * <InfoboxReadResponse>
    • - *
  • Verifies identity link by calling the MOA SP component
    • - *
  • Checks certificate authority of identity link
    • - *
  • Stores identity link in the session
    • - *
  • Verifies all additional infoboxes returned from the BKU
    • - *
  • Creates an authentication block to be signed by the user
    • - *
  • Creates and returns a <CreateXMLSignatureRequest> - * containg the authentication block, meant to be returned to the security - * layer implementation
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param infoboxReadResponseParameters - * The parameters from the response returned from the BKU - * including the <InfoboxReadResponse> - * @return String representation of the - * <CreateXMLSignatureRequest> - * @throws BKUException - */ - public String verifyIdentityLink(AuthenticationSession session, - Map infoboxReadResponseParameters) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException, BKUException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID }); - - String xmlInfoboxReadResponse = (String) infoboxReadResponseParameters - .get(PARAM_XMLRESPONSE); - - if (isEmpty(xmlInfoboxReadResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - // check if an identity link was found - // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform - // (SL1.2)) - // CharSequence se = "ErrorCode>2911".substring(0); - // boolean b = xmlInfoboxReadResponse.contains(se); - String se = "ErrorCode>2911"; - int b = xmlInfoboxReadResponse.indexOf(se); - if (b != -1) { // no identity link found - Logger - .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als auslaendische eID."); - return null; - } - // spezifikationsgemaess (SL1.2) Errorcode - se = "ErrorCode>4002"; - // b = xmlInfoboxReadResponse.contains(se); - b = xmlInfoboxReadResponse.indexOf(se); - if (b != -1) { // Unbekannter Infoboxbezeichner - Logger - .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als auslaendische eID."); - return null; - } - - // parses the - IdentityLink identityLink = new InfoboxReadResponseParser( - xmlInfoboxReadResponse).parseIdentityLink(); - // validates the identity link - IdentityLinkValidator.getInstance().validate(identityLink); - // builds a for a call of MOA-SP - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() - .build(identityLink, authConf - .getMoaSpIdentityLinkTrustProfileID()); - - // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() - .verifyXMLSignature(domVerifyXMLSignatureRequest); - // parses the - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( - domVerifyXMLSignatureResponse).parseData(); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - // if OA is type is business service the manifest validation result has - // to be ignored - boolean ignoreManifestValidationResult = oaParam.getBusinessService() ? true - : false; - - // validates the - VerifyXMLSignatureResponseValidator.getInstance().validate( - verifyXMLSignatureResponse, - authConf.getIdentityLinkX509SubjectNames(), - VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, - ignoreManifestValidationResult); - - session.setIdentityLink(identityLink); - // now validate the extended infoboxes - - //Removed in MOA-ID 2.0 - //verifyInfoboxes(session, infoboxReadResponseParameters, false); - - return "found!"; - } - - /** - * Processes an <InfoboxReadResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <InfoboxReadResponse>
    • - *
  • Parses identity link enclosed in - * <InfoboxReadResponse>
    • - *
  • Verifies identity link by calling the MOA SP component
    • - *
  • Checks certificate authority of identity link
    • - *
  • Stores identity link in the session
    • - *
  • Verifies all additional infoboxes returned from the BKU
    • - *
  • Creates an authentication block to be signed by the user
    • - *
  • Creates and returns a <CreateXMLSignatureRequest> - * containg the authentication block, meant to be returned to the security - * layer implementation
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param infoboxReadResponseParameters - * The parameters from the response returned from the BKU - * including the <InfoboxReadResponse> - * @return String representation of the - * <CreateXMLSignatureRequest> - */ - public String verifyCertificate(AuthenticationSession session, - X509Certificate certificate) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException, MOAIDException{ - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); - - // check if person is a Organwalter - // if true - don't show bPK in AUTH Block - try { - for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) { - if (certificate.getExtension(OWid) != null) { - session.setOW(true); - } - - } - - } catch (X509ExtensionInitException e) { - Logger.warn("Certificate extension is not readable."); - session.setOW(false); - } - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam); - - return returnvalue; - } - - /** - * Processes an Mandate sent by the MIS.
- *
    - *
  • Validates given Mandate
    • - *
  • Verifies Mandate by calling the MOA SP component
    • - *
  • Creates an authentication block to be signed by the user
    • - *
  • Creates and returns a <CreateXMLSignatureRequest> - * containg the authentication block, meant to be returned to the security - * layer implementation
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param infoboxReadResponseParameters - * The parameters from the response returned from the BKU - * including the <InfoboxReadResponse> - * @return String representation of the - * <CreateXMLSignatureRequest> - */ - public void verifyMandate(AuthenticationSession session, MISMandate mandate) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ValidateException, ServiceException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - GET_MIS_SESSIONID, PARAM_SESSIONID }); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - try { - // sets the extended SAML attributes for OID (Organwalter) - setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam - .getBusinessService()); - - validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); - - - } catch (SAXException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (IOException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (ParserConfigurationException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (TransformerException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } - - } - - /** - * - * @param session - * @param authConf - * @param oaParam - * @return - * @throws ConfigurationException - * @throws BuildException - * @throws ValidateException - */ - public String getCreateXMLSignatureRequestAuthBlockOrRedirect( - AuthenticationSession session, AuthConfigurationProvider authConf, - OAAuthParameter oaParam) throws ConfigurationException, - BuildException, ValidateException { - - // check for intermediate processing of the infoboxes - if (session.isValidatorInputPending()) - return "Redirect to Input Processor"; - - if (authConf == null) - authConf = AuthConfigurationProvider.getInstance(); - if (oaParam == null) - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - - // builds the AUTH-block - String authBlock = buildAuthenticationBlock(session, oaParam); - - // builds the - List transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.size() == 0)) { - // no OA specific transforms specified, use default ones - transformsInfos = authConf.getTransformsInfos(); - } - String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() - .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos); - return createXMLSignatureRequest; - } - - /** - * Returns an CreateXMLSignatureRequest for signing the ERnP statement.
- *
    - *
  • Creates an CreateXMLSignatureRequest to be signed by the user
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param cert - * The certificate from the user - * @return String representation of the - * <CreateXMLSignatureRequest> - */ - public String createXMLSignatureRequestForeignID(AuthenticationSession session, - X509Certificate cert) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, - cert); - } - - public String getCreateXMLSignatureRequestForeigID( - AuthenticationSession session, AuthConfigurationProvider authConf, - OAAuthParameter oaParam, X509Certificate cert) - throws ConfigurationException { - - // check for intermediate processing of the infoboxes - if (session.isValidatorInputPending()) - return "Redirect to Input Processor"; - - if (authConf == null) - authConf = AuthConfigurationProvider.getInstance(); - if (oaParam == null) - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - - Principal subject = cert.getSubjectDN(); - - String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() - .buildForeignID(subject.toString(), oaParam, session); - return createXMLSignatureRequest; - } - - /** - * Processes an <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses response enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies signature by calling the MOA SP component
    • - *
  • Returns the signer certificate
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param createXMLSignatureResponseParameters - * The parameters from the response returned from the BKU - * including the <CreateXMLSignatureResponse> - * @throws BKUException - */ - public X509Certificate verifyXMLSignature(String sessionID, - Map createXMLSignatureResponseParameters) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ValidateException, ServiceException, BKUException { - - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_GET_FOREIGN_ID, PARAM_SESSIONID }); - - String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters - .get(PARAM_XMLRESPONSE); - - if (isEmpty(xmlCreateXMLSignatureResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - // parses the - CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser( - xmlCreateXMLSignatureResponse); - CreateXMLSignatureResponse createXMLSignatureResponse = p - .parseResponseDsig(); - - // builds a for a call of MOA-SP - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() - .buildDsig(createXMLSignatureResponse, authConf - .getMoaSpAuthBlockTrustProfileID()); - - // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() - .verifyXMLSignature(domVerifyXMLSignatureRequest); - - // parses the - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( - domVerifyXMLSignatureResponse).parseData(); - - return verifyXMLSignatureResponse.getX509certificate(); - - } - - /** - * Processes an <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses response enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies signature by calling the MOA SP component
    • - *
  • Returns the signer certificate
    • - *
- * - * @param sessionID - * ID of associated authentication session data - * @param readInfoboxResponseParameters - * The parameters from the response returned from the BKU - * including the <ReadInfoboxResponse> - * @throws BKUException - */ - public X509Certificate getCertificate(String sessionID, - Map readInfoboxResponseParameters) throws AuthenticationException, - BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException, BKUException { - - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); - - String xmlReadInfoboxResponse = (String) readInfoboxResponseParameters - .get(PARAM_XMLRESPONSE); - - if (isEmpty(xmlReadInfoboxResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE }); - - // parses the - InfoboxReadResponseParser p = new InfoboxReadResponseParser( - xmlReadInfoboxResponse); - X509Certificate cert = p.parseCertificate(); - - return cert; - - } - - /** - * Builds an authentication block <saml:Assertion> from - * given session data. - * - * @param session - * authentication session - * - * @return <saml:Assertion> as a String - * - * @throws BuildException - * If an error occurs on serializing an extended SAML attribute - * to be appended to the AUTH-Block. - */ - private String buildAuthenticationBlock(AuthenticationSession session, - OAAuthParameter oaParam) throws BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - String issuer = identityLink.getName(); - String gebDat = identityLink.getDateOfBirth(); - - String identificationValue = null; - String identificationType = null; - - //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested - if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) { - identificationType = ""; - identificationValue = ""; - - } else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - - if (oaParam.getBusinessService()) { - - String bpkBase64 = new BPKBuilder().buildWBPK(identityLink - .getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); - identificationValue = bpkBase64; - - if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+" )) - identificationType = oaParam.getIdentityLinkDomainIdentifier(); - else - identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); - - } else { - String bpkBase64 = new BPKBuilder().buildBPK(identityLink - .getIdentificationValue(), session.getTarget()); - identificationValue = bpkBase64; - identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); - } - - - } else { - identificationValue = identityLink.getIdentificationValue(); - identificationType = identityLink.getIdentificationType(); - - } - - String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar - .getInstance()); - session.setIssueInstant(issueInstant); - String authURL = session.getAuthURL(); - String target = session.getTarget(); - String targetFriendlyName = session.getTargetFriendlyName(); - - // Bug #485 - // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) - // String oaURL = session.getPublicOAURLPrefix(); - - List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - - - if (session.isSsoRequested()) { - String oaURL = new String(); - try { - oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); - - if (MiscUtil.isNotEmpty(oaURL)) - oaURL = oaURL.replaceAll("&", "&"); - - } catch (ConfigurationException e) { - } - String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlockSSO(issuer, issueInstant, authURL, target, - targetFriendlyName, identificationValue, - identificationType, oaURL, gebDat, - extendedSAMLAttributes, session, oaParam); - return authBlock; - - } else { - String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); - String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlock(issuer, issueInstant, authURL, target, - targetFriendlyName, identificationValue, - identificationType, oaURL, gebDat, - extendedSAMLAttributes, session, oaParam); - return authBlock; - } - } - - - - /** - * Verifies the infoboxes (except of the identity link infobox) returned by - * the BKU by calling appropriate validator classes. - * - * @param session - * The actual authentication session. - * @param mandate - * The Mandate from the MIS - * - * @throws AuthenticationException - * @throws ConfigurationException - * @throws TransformerException - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - */ - private void validateExtendedSAMLAttributeForMandates( - AuthenticationSession session, MISMandate mandate, - boolean business) - throws ValidateException, ConfigurationException, SAXException, - IOException, ParserConfigurationException, TransformerException { - - ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( - mandate, business, false); - - int length = extendedSAMLAttributes.length; - for (int i = 0; i < length; i++) { - ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; - - verifySAMLAttribute(samlAttribute, i, "MISService", - "MISService"); - - } - } - - /** - * Verifies the infoboxes (except of the identity link infobox) returned by - * the BKU by calling appropriate validator classes. - * - * @param session - * The actual authentication session. - * @param mandate - * The Mandate from the MIS - * - * @throws AuthenticationException - * @throws ConfigurationException - * @throws TransformerException - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - */ - private void setExtendedSAMLAttributeForMandatesOID( - AuthenticationSession session, MISMandate mandate, boolean business) - throws ValidateException, ConfigurationException, SAXException, - IOException, ParserConfigurationException, TransformerException { - - ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributesOID( - mandate, business); - - AddAdditionalSAMLAttributes(session, extendedSamlAttributes, - "MISService", "MISService"); - - } - - /** - * Adds given SAML Attributes to the current session. They will be appended - * to the final SAML Assertion or the AUTH block. If the attributes are - * already in the list, they will be replaced. - * - * @param session - * The current session - * @param extendedSAMLAttributes - * The SAML attributes to add - * @param identifier - * The infobox identifier for debug purposes - * @param friendlyNam - * The friendly name of the infobox for debug purposes - */ - private static void AddAdditionalSAMLAttributes( - AuthenticationSession session, - ExtendedSAMLAttribute[] extendedSAMLAttributes, String identifier, - String friendlyName) throws ValidateException { - if (extendedSAMLAttributes == null) - return; - List oaAttributes = session.getExtendedSAMLAttributesOA(); - if (oaAttributes == null) - oaAttributes = new Vector(); - List authAttributes = session.getExtendedSAMLAttributesAUTH(); - if (authAttributes == null) - authAttributes = new Vector(); - int length = extendedSAMLAttributes.length; - for (int i = 0; i < length; i++) { - ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; - - Object value = verifySAMLAttribute(samlAttribute, i, identifier, - friendlyName); - - if ((value instanceof String) || (value instanceof Element)) { - switch (samlAttribute.getAddToAUTHBlock()) { - case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: - replaceExtendedSAMLAttribute(authAttributes, samlAttribute); - break; - case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: - replaceExtendedSAMLAttribute(authAttributes, samlAttribute); - replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); - break; - case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: - replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); - break; - default: - Logger - .info("Invalid return value from method \"getAddToAUTHBlock()\" (" - + samlAttribute.getAddToAUTHBlock() - + ") in SAML attribute number " - + (i + 1) - + " for infobox " + identifier); - throw new ValidateException("validator.47", new Object[] { - friendlyName, String.valueOf((i + 1)) }); - } - } else { - Logger - .info("The type of SAML-Attribute number " - + (i + 1) - + " returned from " - + identifier - + "-infobox validator is not valid. Must be either \"java.Lang.String\"" - + " or \"org.w3c.dom.Element\""); - throw new ValidateException("validator.46", new Object[] { - identifier, String.valueOf((i + 1)) }); - } - } - session.setExtendedSAMLAttributesAUTH(authAttributes); - session.setExtendedSAMLAttributesOA(oaAttributes); - } - - /** - * Adds the AUTH block related SAML attributes to the validation result. - * This is needed always before the AUTH block is to be signed, because the - * name of the mandator has to be set - * - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - * @throws TransformerException - */ - - protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes( - MISMandate mandate, boolean business, boolean provideStammzahl) - throws SAXException, IOException, ParserConfigurationException, - TransformerException { - Vector extendedSamlAttributes = new Vector(); - - extendedSamlAttributes.clear(); - - // Name - Element domMandate = mandateToElement(mandate); - Element nameSpaceNode = domMandate.getOwnerDocument().createElement( - "NameSpaceNode"); - nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, - Constants.PD_NS_URI); - nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, - SZRGWConstants.MANDATE_NS); - - Element mandator = (Element) XPathAPI.selectSingleNode(domMandate, - "//md:Mandate/md:Mandator", nameSpaceNode); - - // Mandate - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_RAW, domMandate, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - - // (w)bpk - String wbpk = ParepUtils.extractMandatorWbpk(mandator); - if (!ParepUtils.isEmpty(wbpk)) { - if (!ParepUtils.isPhysicalPerson(mandator)) { - String idType = ParepUtils - .extractMandatorIdentificationType(mandator); - if (!ParepUtils.isEmpty(idType) - && idType.startsWith(Constants.URN_PREFIX_BASEID)) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_CB_BASE_ID, - ParepUtils.getRegisterString(idType) + ": " + wbpk, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - } - } else if (business) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_WBPK, wbpk, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - } - } - - ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes - .size()]; - extendedSamlAttributes.copyInto(ret); - Logger.debug("ExtendedSAML Attributes: " + ret.length); - return ret; - - } - - /** - * Adds the AUTH block related SAML attributes to the validation result. - * This is needed always before the AUTH block is to be signed, because the - * name of the mandator has to be set - * - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - * @throws TransformerException - */ - private static ExtendedSAMLAttribute[] addExtendedSamlAttributesOID( - MISMandate mandate, boolean business) throws SAXException, - IOException, ParserConfigurationException, TransformerException { - - Vector extendedSamlAttributes = new Vector(); - - extendedSamlAttributes.clear(); - - // RepresentationType - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_REPRESENTATIONTYPE, - EXT_SAML_MANDATE_REPRESENTATIONTEXT, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - - String oid = mandate.getProfRep(); - - if (oid != null) { - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_OID, oid, - SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - String oidDescription = mandate.getTextualDescriptionOfOID(); - extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( - EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, - oidDescription, SZRGWConstants.MANDATE_NS, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - - } - - ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes - .size()]; - extendedSamlAttributes.copyInto(ret); - Logger.debug("ExtendedSAML Attributes: " + ret.length); - return ret; - - } - - /** - * - * @param mandate - * @return - * @throws ParserConfigurationException - * @throws IOException - * @throws SAXException - */ - private static Element mandateToElement(MISMandate mandate) - throws SAXException, IOException, ParserConfigurationException { - ByteArrayInputStream bais = new ByteArrayInputStream(mandate - .getMandate()); - Document doc = DOMUtils.parseDocumentSimple(bais); - return doc.getDocumentElement(); - } - - protected static void replaceExtendedSAMLAttribute(List attributes, - ExtendedSAMLAttribute samlAttribute) { - if (null == attributes) { - attributes = new Vector(); - } else { - String id = samlAttribute.getName(); - int length = attributes.size(); - for (int i = 0; i < length; i++) { - ExtendedSAMLAttribute att = (ExtendedSAMLAttribute) attributes - .get(i); - if (id.equals(att.getName())) { - // replace attribute - attributes.set(i, samlAttribute); - return; - } - } - attributes.add(samlAttribute); - } - } - - /** - * Processes a <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses <CreateXMLSignatureResponse> for error - * codes
    • - *
  • Parses authentication block enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies authentication block by calling the MOA SP component
    • - *
  • Creates authentication data
    • - *
  • Creates a corresponding SAML artifact
    • - *
  • Stores authentication data in the authentication data store indexed - * by the SAML artifact
    • - *
  • Deletes authentication session
    • - *
  • Returns the SAML artifact, encoded BASE64
    • - *
- * - * @param sessionID - * session ID of the running authentication session - * @param xmlCreateXMLSignatureReadResponse - * String representation of the - * <CreateXMLSignatureResponse> - * @return SAML artifact needed for retrieving authentication data, encoded - * BASE64 - * @throws BKUException - */ - public String verifyAuthenticationBlock(AuthenticationSession session, - String xmlCreateXMLSignatureReadResponse) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ServiceException, ValidateException, BKUException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - if (isEmpty(xmlCreateXMLSignatureReadResponse)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - // parses - CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser( - xmlCreateXMLSignatureReadResponse).parseResponse(); - - try { - String serializedAssertion = DOMUtils.serializeNode(csresp - .getSamlAssertion()); - session.setAuthBlock(serializedAssertion); - } catch (TransformerException e) { - throw new ParseException("parser.04", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - } catch (IOException e) { - throw new ParseException("parser.04", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - } - // validates - if (session.isSsoRequested()) - new CreateXMLSignatureResponseValidator().validateSSO(csresp, session); - else - new CreateXMLSignatureResponseValidator().validate(csresp, session); - - // builds a for a MOA-SPSS call - List vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); - Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, - vtids, tpid); - // debug output - - // invokes the call - Element domVsresp = new SignatureVerificationInvoker() - .verifyXMLSignature(domVsreq); - // debug output - - // parses the - VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser( - domVsresp).parseData(); - - if (Logger.isTraceEnabled()) { - if (domVsresp != null) { - try { - String xmlVerifyXMLSignatureResponse = DOMUtils - .serializeNode(domVsresp, true); - Logger.trace(new LogMsg(xmlCreateXMLSignatureReadResponse)); - Logger.trace(new LogMsg(xmlVerifyXMLSignatureResponse)); - } catch (Throwable t) { - t.printStackTrace(); - Logger.info(new LogMsg(t.getStackTrace())); - } - } - } - - // validates the - VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, - null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, - false); - - // Compare AuthBlock Data with information stored in session, especially - // date and time - CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); - - // compares the public keys from the identityLink with the AuthBlock - VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( - vsresp, session.getIdentityLink()); - - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - boolean formpending = false; - if (iter != null) { - while (!formpending && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector.get(1); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator.validate(csresp - .getSamlAssertion()); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier + " infobox:" - + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", new Object[] { - friendlyName, - infoboxValidationResult.getErrorMessage() }); - } - String form = infoboxvalidator.getForm(); - if (ParepUtils.isEmpty(form)) { - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } else { - return "Redirect to Input Processor"; - } - } - } - - session.setXMLVerifySignatureResponse(vsresp); - session.setSignerCertificate(vsresp.getX509certificate()); - vsresp.setX509certificate(null); - session.setForeigner(false); - - if (session.getUseMandate()) { - // mandate mode - return null; - - } else { - - session.setAuthenticatedUsed(false); - session.setAuthenticated(true); - - //set QAA Level four in case of card authentifcation - session.setQAALevel(PVPConstants.STORK_QAA_1_4); - - - String oldsessionID = session.getSessionID(); - - //Session is implicte stored in changeSessionID!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - - Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); - - return newMOASessionID; - } - } - - /** - * Processes a <CreateXMLSignatureResponse> sent by the - * security layer implementation.
- *
    - *
  • Validates given <CreateXMLSignatureResponse>
    • - *
  • Parses <CreateXMLSignatureResponse> for error - * codes
    • - *
  • Parses authentication block enclosed in - * <CreateXMLSignatureResponse>
    • - *
  • Verifies authentication block by calling the MOA SP component
    • - *
  • Creates authentication data
    • - *
  • Creates a corresponding SAML artifact
    • - *
  • Stores authentication data in the authentication data store indexed - * by the SAML artifact
    • - *
  • Deletes authentication session
    • - *
  • Returns the SAML artifact, encoded BASE64
    • - *
- * - * @param sessionID - * session ID of the running authentication session - * @param xmlCreateXMLSignatureReadResponse - * String representation of the - * <CreateXMLSignatureResponse> - * @return SAML artifact needed for retrieving authentication data, encoded - * BASE64 - */ - - protected Element createIdentificationBPK(Element mandatePerson, - String baseid, String target) throws BuildException { - Element identificationBpK = mandatePerson.getOwnerDocument() - .createElementNS(Constants.PD_NS_URI, "Identification"); - Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( - Constants.PD_NS_URI, "Value"); - - String bpkBase64 = new BPKBuilder().buildBPK(baseid, target); - valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( - bpkBase64)); - Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( - Constants.PD_NS_URI, "Type"); - typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( - "urn:publicid:gv.at:cdid+bpk")); - identificationBpK.appendChild(valueBpK); - identificationBpK.appendChild(typeBpK); - - return identificationBpK; - - } - - protected String getBaseId(Element mandatePerson) - throws TransformerException, IOException { - NodeList list = mandatePerson.getElementsByTagNameNS( - Constants.PD_NS_URI, "Identification"); - for (int i = 0; i < list.getLength(); i++) { - Element identification = (Element) list.item(i); - Element type = (Element) identification.getElementsByTagNameNS( - Constants.PD_NS_URI, "Type").item(0); - if (type.getTextContent().compareToIgnoreCase( - "urn:publicid:gv.at:baseid") == 0) { - Element value = (Element) identification - .getElementsByTagNameNS(Constants.PD_NS_URI, "Value") - .item(0); - return value.getTextContent(); - } - } - return null; - - } - - /** - * Gets the foreign authentication data.
- *
    - *
  • Creates authentication data
    • - *
  • Creates a corresponding SAML artifact
    • - *
  • Stores authentication data in the authentication data store indexed - * by the SAML artifact
    • - *
  • Deletes authentication session
    • - *
  • Returns the SAML artifact, encoded BASE64
    • - *
- * - * @param sessionID - * session ID of the running authentication session - * @return SAML artifact needed for retrieving authentication data, encoded - * BASE64 - */ - public String getForeignAuthenticationData(AuthenticationSession session) - throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ServiceException, ValidateException { - - if (session == null) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - boolean formpending = false; - if (iter != null) { - while (!formpending && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector.get(1); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator.validate(session - .getIdentityLink().getSamlAssertion()); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier + " infobox:" - + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", new Object[] { - friendlyName, - infoboxValidationResult.getErrorMessage() }); - } - String form = infoboxvalidator.getForm(); - if (ParepUtils.isEmpty(form)) { - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } else { - return "Redirect to Input Processor"; - } - } - } - - VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); - X509Certificate cert = session.getSignerCertificate(); - vsresp.setX509certificate(cert); - - session.setAuthenticatedUsed(false); - session.setAuthenticated(true); - - - session.setXMLVerifySignatureResponse(vsresp); - session.setSignerCertificate(vsresp.getX509certificate()); - vsresp.setX509certificate(null); - session.setForeigner(true); - - //TODO: regenerate MOASession ID! - return "new Session"; - } - - /** - * Builds the AuthenticationData object together with the corresponding - * <saml:Assertion> - * - * @param session - * authentication session - * @param verifyXMLSigResp - * VerifyXMLSignatureResponse from MOA-SP - * @param useUTC uses correct UTC time format - * @param useUTC indicates that authenticated citizen is a foreigner - * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates - * @return AuthenticationData object - * @throws ConfigurationException - * while accessing configuration data - * @throws BuildException - * while building the <saml:Assertion> - */ - public static AuthenticationData buildAuthenticationData( - AuthenticationSession session, OAAuthParameter oaParam, String target) - throws ConfigurationException, BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - AuthenticationData authData = new AuthenticationData(); - - VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); - - boolean businessService = oaParam.getBusinessService(); - - authData.setMajorVersion(1); - authData.setMinorVersion(0); - authData.setAssertionID(Random.nextRandom()); - authData.setIssuer(session.getAuthURL()); - - authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar - .getInstance())); - - //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO - authData.setIdentificationValue(identityLink.getIdentificationValue()); - authData.setIdentificationType(identityLink.getIdentificationType()); - - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); - authData.setDateOfBirth(identityLink.getDateOfBirth()); - authData.setQualifiedCertificate(verifyXMLSigResp - .isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp - .getPublicAuthorityCode()); - authData.setBkuURL(session.getBkuURL()); - - try { - - if (session.getUseMandate() && session.isOW()) { - MISMandate mandate = session.getMISMandate(); - authData.setBPK(mandate.getOWbPK()); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); - authData.setIdentityLink(identityLink); - - Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); - - } else { - - if (businessService) { - //since we have foreigner, wbPK is not calculated in BKU - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - - String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - - if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - registerAndOrdNr = registerAndOrdNr - .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " - + registerAndOrdNr); - } - - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); - authData.setBPK(wbpkBase64); - authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - - } else { - authData.setBPK(identityLink.getIdentificationValue()); - authData.setBPKType(identityLink.getIdentificationType()); - - } - - Logger.trace("Authenticate user with wbPK " + authData.getBPK()); - - Element idlassertion = session.getIdentityLink().getSamlAssertion(); - //set bpk/wpbk; - Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - prIdentification.getFirstChild().setNodeValue(authData.getBPK()); - //set bkp/wpbk type - Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); - prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); - - IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); - IdentityLink idl = idlparser.parseIdentityLink(); - authData.setIdentityLink(idl); - - } else { - - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); - authData.setBPK(bpkBase64); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); - } - - Logger.trace("Authenticate user with bPK " + authData.getBPK()); - - authData.setIdentityLink(identityLink); - } - } - - return authData; - - } catch (Throwable ex) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", ex.toString() }, ex); - } - } - - /** - * Retrieves a session from the session store. - * - * @param id - * session ID - * @return AuthenticationSession stored with given session ID, - * null if session ID unknown - */ - public static AuthenticationSession getSession(String id) - throws AuthenticationException { - - AuthenticationSession session; - try { - session = AuthenticationSessionStoreage.getSession(id); - - if (session == null) - throw new AuthenticationException("auth.02", new Object[] { id }); - return session; - - } catch (MOADatabaseException e) { - throw new AuthenticationException("parser.04", new Object[] { id }); - } - } - - /** - * Cleans up expired session and authentication data stores. - */ - public void cleanup() { - long now = new Date().getTime(); - - //clean AuthenticationSessionStore - - AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); - - //clean AssertionStore - AssertionStorage assertionstore = AssertionStorage.getInstance(); - assertionstore.clean(now, authDataTimeOut); - - //clean ExeptionStore - DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore(); - exstore.clean(now, authDataTimeOut); - - } - - /** - * Sets the sessionTimeOut. - * - * @param seconds - * Time out of the session in seconds - */ - public void setSecondsSessionTimeOutCreated(long seconds) { - sessionTimeOutCreated = seconds * 1000; - } - - public void setSecondsSessionTimeOutUpdated(long seconds) { - sessionTimeOutUpdated = seconds * 1000; - } - - /** - * Sets the authDataTimeOut. - * - * @param seconds - * Time out for signing AuthData in seconds - */ - public void setSecondsAuthDataTimeOut(long seconds) { - authDataTimeOut = seconds * 1000; - } - - /** - * Checks a parameter. - * - * @param param - * parameter - * @return true if the parameter is null or empty - */ - private boolean isEmpty(String param) { - return param == null || param.length() == 0; - } - - /** - * Checks the correctness of SAML attributes and returns its value. - * - * @param param - * samlAttribute - * @param i - * the number of the verified attribute for messages - * @param identifier - * the infobox identifier for messages - * @param friendlyname - * the friendly name of the infobox for messages - * @return the SAML attribute value (Element or String) - */ - protected static Object verifySAMLAttribute( - ExtendedSAMLAttribute samlAttribute, int i, String identifier, - String friendlyName) throws ValidateException { - String name = samlAttribute.getName(); - - if (name == null) { - Logger.info("The name of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is null."); - throw new ValidateException("validator.45", new Object[] { - friendlyName, "Name", String.valueOf((i + 1)), "null" }); - } - if (name == "") { - Logger.info("The name of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is empty."); - throw new ValidateException("validator.45", new Object[] { - friendlyName, "Name", String.valueOf((i + 1)), "leer" }); - } - if (samlAttribute.getNameSpace() == null) { - Logger.info("The namespace of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is null."); - throw new ValidateException("validator.45", - new Object[] { friendlyName, "Namespace", - String.valueOf((i + 1)), "null" }); - } - Object value = samlAttribute.getValue(); - if (value == null) { - Logger.info("The value of SAML-Attribute number " + (i + 1) - + " returned from " + identifier - + "-infobox validator is null."); - throw new ValidateException("validator.45", new Object[] { - friendlyName, "Wert", String.valueOf((i + 1)), "null" }); - } - - return value; - } - - /** - * Does the request to the SZR-GW - * @param oaFriendlyName - * @param signature XMLDSIG signature - * @return Identity link assertion - * @throws SZRGWClientException - */ - - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { - - try { - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - - SZRGWClient client = new SZRGWClient(connectionParameters); - - - CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); - request.setSignature(citizenSignature.getBytes()); - - PEPSData data = new PEPSData(); - data.setDateOfBirth(PEPSDateOfBirth); - data.setFamilyname(PEPSFamilyname); - data.setFirstname(PEPSFirstname); - data.setIdentifier(PEPSIdentifier); - - data.setRepresentative(representative); - data.setRepresented(represented); - data.setMandateContent(mandateContent); - - data.setLegalPersonCanonicalRegisteredAddress(organizationAddress); - data.setLegalPersonTranslatableType(organizationType); - - if(null != mandateContent) { - MISType mis = new MISType(); - - Target targetObject = new Target(); - targetObject.setType(targetType); - targetObject.setValue(targetValue); - mis.setTarget(targetObject); - - mis.setOAFriendlyName(oaFriendlyName); - - Filters filterObject = new Filters(); - MandateIdentifiers mandateIds = new MandateIdentifiers(); - for(String current : filters.split(",")) - mandateIds.getMandateIdentifier().add(current.trim()); - filterObject.setMandateIdentifiers(mandateIds); - mis.setFilters(filterObject); - - request.setMIS(mis); - } - - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); - CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); - return response; - - } - catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); - } - - return null; - - } - - /** - * Does the request to the SZR-GW. - * - * @param signature the signature - * @return the identity link - * @throws SZRGWClientException the sZRGW client exception - * @throws ConfigurationException the configuration exception - */ - public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { - return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature)); - } - - /** - * Does the request to the SZR-GW. - * - * @param PEPSIdentifier the pEPS identifier - * @param PEPSFirstname the pEPS firstname - * @param PEPSFamilyname the pEPS familyname - * @param PEPSDateOfBirth the pEPS date of birth - * @param signature XMLDSIG signature - * @return Identity link assertion - * @throws SZRGWClientException the sZRGW client exception - * @throws ConfigurationException the configuration exception - */ - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { - return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null, null, null, null, null); - } - - /** - * Gets the identity link. - * - * @param citizenSignature the citizen signature - * @param representative the representative - * @param represented the represented - * @param mandate the mandate - * @param organizationAddress the organization address - * @param organizationType the organization type - * @return the identity link - * @throws SZRGWClientException - */ - public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, - String representative, String represented, String mandateContent, - String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { - return getIdentityLink(null, null, null, null, null, - citizenSignature, represented, representative, mandateContent, organizationAddress, - organizationType, targetType, targetValue, oaFriendlyName, filters); - } - - /** - * SZR-GW Client interface. - * - * @param eIdentifier the e identifier - * @param givenName the given name - * @param lastName the last name - * @param dateOfBirth the date of birth - * @param citizenSignature the citizen signature - * @param representative the representative - * @param represented the represented - * @param mandate the mandate - * @return the identity link - * @throws SZRGWClientException the sZRGW client exception - */ - public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, - String givenName, String lastName, String dateOfBirth, String gender, - String citizenSignature, String representative, String represented, - String mandate, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { - return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, - citizenSignature, representative, represented, mandate, null, - null, targetType, targetValue, oaFriendlyName, filters); - } - - /** - * Starts a MOA-ID authentication process using STORK - * @param req HttpServletRequest - * @param resp HttpServletResponse - * @param ccc Citizen country code - * @param oaURL URL of the online application - * @param target Target parameter - * @param targetFriendlyName Friendly Name of Target - * @param authURL Authentication URL - * @param sourceID SourceID parameter - * @throws MOAIDException - * @throws AuthenticationException - * @throws WrongParametersException - * @throws ConfigurationException - */ - public static void startSTORKAuthentication( - HttpServletRequest req, - HttpServletResponse resp, - AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { - - if (moasession == null) { - throw new AuthenticationException("auth.18", new Object[] { }); - } - - //read configuration paramters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); - - //Start of STORK Processing - STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - - CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); - - Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:"); - String destination = cpeps.getPepsURL().toExternalForm(); - Logger.debug("C-PEPS URL: " + destination); - - String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; - Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL); - - String providerName= oaParam.getFriendlyName(); - String issuerValue = HTTPUtils.getBaseURL(req); - Logger.debug("Issuer value: " + issuerValue); - - // prepare collection of required attributes - // - attributes for online application - List attributesFromConfig = oaParam.getRequestedAttributes(); - - // - prepare attribute list - PersonalAttributeList attributeList = new PersonalAttributeList(); - - // - fill container - for(OAStorkAttribute current : attributesFromConfig) { - PersonalAttribute newAttribute = new PersonalAttribute(); - newAttribute.setName(current.getName()); - - boolean globallyMandatory = false; - for(StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes()) - if(current.getName().equals(currentGlobalAttribute.getName())) { - globallyMandatory = currentGlobalAttribute.isMandatory(); - break; - } - - newAttribute.setIsRequired(current.isMandatory() || globallyMandatory); - attributeList.add(newAttribute); - } - - // add sign request - PersonalAttribute newAttribute = new PersonalAttribute(); - newAttribute.setName("signedDoc"); - List value = new ArrayList(); - value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), - "application/xhtml+xml", - moasession.getCcc())); - newAttribute.setValue(value); - attributeList.add(newAttribute); - - - if (Logger.isDebugEnabled()) { - Logger.debug("The following attributes are requested for this OA:"); - for (OAStorkAttribute logReqAttr : attributesFromConfig) - Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory()); - } - - //TODO: check Target in case of SSO!! - String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); - String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); - String spApplication = spInstitution; - String spCountry = "AT"; - - //generate AuthnRquest - STORKAuthnRequest authnRequest = new STORKAuthnRequest(); - authnRequest.setDestination(destination); - authnRequest.setAssertionConsumerServiceURL(acsURL); - authnRequest.setProviderName(providerName); - authnRequest.setIssuer(issuerValue); - authnRequest.setQaa(oaParam.getQaaLevel()); - authnRequest.setSpInstitution(spInstitution); - authnRequest.setCountry(spCountry); - authnRequest.setSpApplication(spApplication); - authnRequest.setSpSector(spSector); - authnRequest.setPersonalAttributeList(attributeList); - - authnRequest.setEIDCrossBorderShare(true); - authnRequest.setEIDCrossSectorShare(true); - authnRequest.setEIDSectorShare(true); - - authnRequest.setCitizenCountryCode(moasession.getCcc()); - - - Logger.debug("STORK AuthnRequest succesfully assembled."); - - STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing"); - try { - authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest); - } catch (STORKSAMLEngineException e) { - Logger.error("Could not sign STORK SAML AuthnRequest.", e); - throw new MOAIDException("stork.00", null); - } - - Logger.info("STORK AuthnRequest successfully signed!"); - - //validate AuthnRequest - try { - samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml()); - } catch (STORKSAMLEngineException e) { - Logger.error("STORK SAML AuthnRequest not valid.", e); - throw new MOAIDException("stork.01", null); - } - - Logger.debug("STORK AuthnRequest successfully internally validated."); - - //send - moasession.setStorkAuthnRequest(authnRequest); - HttpSession httpSession = req.getSession(); - httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); - - - Logger.info("Preparing to send STORK AuthnRequest."); - Logger.info("prepared STORKAuthnRequest: "); - Logger.info(new String(authnRequest.getTokenSaml())); - - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); - VelocityContext context = new VelocityContext(); - context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml())); - context.put("action", destination); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - - resp.getOutputStream().write(writer.toString().getBytes()); - } catch (Exception e) { - Logger.error("Error sending STORK SAML AuthnRequest.", e); - httpSession.invalidate(); - throw new MOAIDException("stork.02", new Object[] { destination }); - } - - Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); - } - - private static String generateDssSignRequest(String text, String mimeType, String citizenCountry) { - IdentifierGenerator idGenerator; - try { - idGenerator = new SecureRandomIdentifierGenerator(); - - DocumentType doc = new DocumentType(); - doc.setBase64XML(text.getBytes()); - doc.setID(idGenerator.generateIdentifier()); - - SignRequest request = new SignRequest(); - request.setInputDocuments(ApiUtils.createInputDocuments(doc)); - - String id = idGenerator.generateIdentifier(); - request.setRequestID(id); - request.setDocUI(id); - - request.setProfile(Profiles.XADES_BES.toString()); - request.setNumberOfSigners(BigInteger.ONE); - request.setTargetCountry(citizenCountry); - - // no, no todo. PEPS will alter this value anyhow. - request.setReturnURL("http://invalid_return"); - - AnyType required = new AnyType(); - required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString())); - required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString())); - required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG)); - required.getAny().add(ApiUtils.createIncludeObject(doc)); - request.setOptionalInputs(required); - - return IOUtils.toString(ApiUtils.marshalToInputStream(request)); - } catch (NoSuchAlgorithmException e) { - Logger.error("Cannot generate id", e); - throw new RuntimeException(e); - } catch (ApiUtilsException e) { - Logger.error("Could not create SignRequest", e); - throw new RuntimeException(e); - } catch (DOMException e) { - Logger.error("Could not create SignRequest", e); - throw new RuntimeException(e); - } catch (IOException e) { - Logger.error("Could not create SignRequest", e); - throw new RuntimeException(e); - } - } - - /** - * Extracts an X509 Certificate out of an XML signagture element - * @param signedXML XML signature element - * @return X509Certificate - * @throws CertificateException - */ - public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException { - - NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate"); - - String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList); - - if (StringUtils.isEmpty(base64CertString)) { - String msg = "XML does not contain a X509Certificate element."; - Logger.error(msg); - throw new CertificateException(msg); - } - - InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); - - X509Certificate cert; - try { - cert = new X509Certificate(is); - return cert; - - } catch (Throwable e) { - throw new CertificateException(e); - } - } + //build CertInfo request + String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() + .build(); + String certInfoDataURL = new DataURLBuilder() + .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, + session.getSessionID()); + + //get Applet Parameters + String appletwidth = req.getParameter(PARAM_APPLET_WIDTH); + String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH); + appletheigth = StringEscapeUtils.escapeHtml(appletheigth); + appletwidth = StringEscapeUtils.escapeHtml(appletwidth); + + String htmlForm = new GetIdentityLinkFormBuilder().build(template, + session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, + certInfoDataURL, pushInfobox, oaParam, appletheigth, appletwidth); + + return htmlForm; + } + + /** + * Processes an <InfoboxReadResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <InfoboxReadResponse>
    • + *
  • Parses identity link enclosed in + * <InfoboxReadResponse>
    • + *
  • Verifies identity link by calling the MOA SP component
    • + *
  • Checks certificate authority of identity link
    • + *
  • Stores identity link in the session
    • + *
  • Verifies all additional infoboxes returned from the BKU
    • + *
  • Creates an authentication block to be signed by the user
    • + *
  • Creates and returns a <CreateXMLSignatureRequest> + * containg the authentication block, meant to be returned to the security + * layer implementation
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from the BKU + * including the <InfoboxReadResponse> + * @return String representation of the + * <CreateXMLSignatureRequest> + * @throws BKUException + */ + public String verifyIdentityLink(AuthenticationSession session, + Map infoboxReadResponseParameters) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException, BKUException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); + + String xmlInfoboxReadResponse = (String) infoboxReadResponseParameters + .get(PARAM_XMLRESPONSE); + + if (isEmpty(xmlInfoboxReadResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + // check if an identity link was found + // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform + // (SL1.2)) + // CharSequence se = "ErrorCode>2911".substring(0); + // boolean b = xmlInfoboxReadResponse.contains(se); + String se = "ErrorCode>2911"; + int b = xmlInfoboxReadResponse.indexOf(se); + if (b != -1) { // no identity link found + Logger + .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als auslaendische eID."); + return null; + } + // spezifikationsgemaess (SL1.2) Errorcode + se = "ErrorCode>4002"; + // b = xmlInfoboxReadResponse.contains(se); + b = xmlInfoboxReadResponse.indexOf(se); + if (b != -1) { // Unbekannter Infoboxbezeichner + Logger + .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als auslaendische eID."); + return null; + } + + // parses the + IdentityLink identityLink = new InfoboxReadResponseParser( + xmlInfoboxReadResponse).parseIdentityLink(); + // validates the identity link + IdentityLinkValidator.getInstance().validate(identityLink); + // builds a for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .build(identityLink, authConf + .getMoaSpIdentityLinkTrustProfileID()); + + // invokes the call + Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + // parses the + VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + domVerifyXMLSignatureResponse).parseData(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + // if OA is type is business service the manifest validation result has + // to be ignored + boolean ignoreManifestValidationResult = (oaParam.getBusinessService() || oaParam.getStorkService()) ? true + : false; + + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate( + verifyXMLSignatureResponse, + authConf.getIdentityLinkX509SubjectNames(), + VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, + ignoreManifestValidationResult); + + session.setIdentityLink(identityLink); + // now validate the extended infoboxes + + //Removed in MOA-ID 2.0 + //verifyInfoboxes(session, infoboxReadResponseParameters, false); + + return "found!"; + } + + /** + * Processes an <InfoboxReadResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <InfoboxReadResponse>
    • + *
  • Parses identity link enclosed in + * <InfoboxReadResponse>
    • + *
  • Verifies identity link by calling the MOA SP component
    • + *
  • Checks certificate authority of identity link
    • + *
  • Stores identity link in the session
    • + *
  • Verifies all additional infoboxes returned from the BKU
    • + *
  • Creates an authentication block to be signed by the user
    • + *
  • Creates and returns a <CreateXMLSignatureRequest> + * containg the authentication block, meant to be returned to the security + * layer implementation
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from the BKU + * including the <InfoboxReadResponse> + * @return String representation of the + * <CreateXMLSignatureRequest> + */ + public String verifyCertificate(AuthenticationSession session, + X509Certificate certificate) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException, MOAIDException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); + + // check if person is a Organwalter + // if true - don't show bPK in AUTH Block + try { + for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) { + if (certificate.getExtension(OWid) != null) { + session.setOW(true); + } + + } + + } catch (X509ExtensionInitException e) { + Logger.warn("Certificate extension is not readable."); + session.setOW(false); + } + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, + authConf, oaParam); + + return returnvalue; + } + + /** + * Processes an Mandate sent by the MIS.
+ *
    + *
  • Validates given Mandate
    • + *
  • Verifies Mandate by calling the MOA SP component
    • + *
  • Creates an authentication block to be signed by the user
    • + *
  • Creates and returns a <CreateXMLSignatureRequest> + * containg the authentication block, meant to be returned to the security + * layer implementation
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from the BKU + * including the <InfoboxReadResponse> + * @return String representation of the + * <CreateXMLSignatureRequest> + */ + public void verifyMandate(AuthenticationSession session, MISMandate mandate) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ValidateException, ServiceException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + GET_MIS_SESSIONID, PARAM_SESSIONID}); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + try { + // sets the extended SAML attributes for OID (Organwalter) + setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam + .getBusinessService()); + + validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); + + + } catch (SAXException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } catch (IOException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } catch (ParserConfigurationException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } catch (TransformerException e) { + throw new AuthenticationException("auth.16", + new Object[]{GET_MIS_SESSIONID}, e); + } + + } + + /** + * @param session + * @param authConf + * @param oaParam + * @return + * @throws ConfigurationException + * @throws BuildException + * @throws ValidateException + */ + public String getCreateXMLSignatureRequestAuthBlockOrRedirect( + AuthenticationSession session, AuthConfigurationProvider authConf, + OAAuthParameter oaParam) throws ConfigurationException, + BuildException, ValidateException { + + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) + return "Redirect to Input Processor"; + + if (authConf == null) + authConf = AuthConfigurationProvider.getInstance(); + if (oaParam == null) + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + // builds the AUTH-block + String authBlock = buildAuthenticationBlock(session, oaParam); + + // builds the + List transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.size() == 0)) { + // no OA specific transforms specified, use default ones + transformsInfos = authConf.getTransformsInfos(); + } + String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() + .build(authBlock, oaParam.getKeyBoxIdentifier(), + transformsInfos); + return createXMLSignatureRequest; + } + + /** + * Returns an CreateXMLSignatureRequest for signing the ERnP statement.
+ *
    + *
  • Creates an CreateXMLSignatureRequest to be signed by the user
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param cert The certificate from the user + * @return String representation of the + * <CreateXMLSignatureRequest> + */ + public String createXMLSignatureRequestForeignID(AuthenticationSession session, + X509Certificate cert) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, + cert); + } + + public String getCreateXMLSignatureRequestForeigID( + AuthenticationSession session, AuthConfigurationProvider authConf, + OAAuthParameter oaParam, X509Certificate cert) + throws ConfigurationException { + + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) + return "Redirect to Input Processor"; + + if (authConf == null) + authConf = AuthConfigurationProvider.getInstance(); + if (oaParam == null) + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + Principal subject = cert.getSubjectDN(); + + String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() + .buildForeignID(subject.toString(), oaParam, session); + return createXMLSignatureRequest; + } + + /** + * Processes an <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses response enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies signature by calling the MOA SP component
    • + *
  • Returns the signer certificate
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU + * including the <CreateXMLSignatureResponse> + * @throws BKUException + */ + public X509Certificate verifyXMLSignature(String sessionID, + Map createXMLSignatureResponseParameters) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ValidateException, ServiceException, BKUException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_GET_FOREIGN_ID, PARAM_SESSIONID}); + + String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters + .get(PARAM_XMLRESPONSE); + + if (isEmpty(xmlCreateXMLSignatureResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + // parses the + CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser( + xmlCreateXMLSignatureResponse); + CreateXMLSignatureResponse createXMLSignatureResponse = p + .parseResponseDsig(); + + // builds a for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .buildDsig(createXMLSignatureResponse, authConf + .getMoaSpAuthBlockTrustProfileID()); + + // invokes the call + Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + + // parses the + VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + domVerifyXMLSignatureResponse).parseData(); + + return verifyXMLSignatureResponse.getX509certificate(); + + } + + /** + * Processes an <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses response enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies signature by calling the MOA SP component
    • + *
  • Returns the signer certificate
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param readInfoboxResponseParameters The parameters from the response returned from the BKU + * including the <ReadInfoboxResponse> + * @throws BKUException + */ + public X509Certificate getCertificate(String sessionID, + Map readInfoboxResponseParameters) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException, BKUException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); + + String xmlReadInfoboxResponse = (String) readInfoboxResponseParameters + .get(PARAM_XMLRESPONSE); + + if (isEmpty(xmlReadInfoboxResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE}); + + // parses the + InfoboxReadResponseParser p = new InfoboxReadResponseParser( + xmlReadInfoboxResponse); + X509Certificate cert = p.parseCertificate(); + + return cert; + + } + + /** + * Builds an authentication block <saml:Assertion> from + * given session data. + * + * @param session authentication session + * @return <saml:Assertion> as a String + * @throws BuildException If an error occurs on serializing an extended SAML attribute + * to be appended to the AUTH-Block. + */ + private String buildAuthenticationBlock(AuthenticationSession session, + OAAuthParameter oaParam) throws BuildException { + + IdentityLink identityLink = session.getIdentityLink(); + String issuer = identityLink.getName(); + String gebDat = identityLink.getDateOfBirth(); + + String identificationValue = null; + String identificationType = null; + + //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested + if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) { + identificationType = ""; + identificationValue = ""; + + } else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + if (oaParam.getBusinessService()) { + + String bpkBase64 = new BPKBuilder().buildWBPK(identityLink + .getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); + identificationValue = bpkBase64; + + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+")) + identificationType = oaParam.getIdentityLinkDomainIdentifier(); + else + identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); + + } else { + String bpkBase64 = new BPKBuilder().buildBPK(identityLink + .getIdentificationValue(), session.getTarget()); + identificationValue = bpkBase64; + identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); + } + + + } else { + identificationValue = identityLink.getIdentificationValue(); + identificationType = identityLink.getIdentificationType(); + + } + + String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar + .getInstance()); + session.setIssueInstant(issueInstant); + String authURL = session.getAuthURL(); + String target = session.getTarget(); + String targetFriendlyName = session.getTargetFriendlyName(); + + // Bug #485 + // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) + // String oaURL = session.getPublicOAURLPrefix(); + + List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); + + + if (session.isSsoRequested()) { + String oaURL = new String(); + try { + oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + + if (MiscUtil.isNotEmpty(oaURL)) + oaURL = oaURL.replaceAll("&", "&"); + + } catch (ConfigurationException e) { + } + String authBlock = new AuthenticationBlockAssertionBuilder() + .buildAuthBlockSSO(issuer, issueInstant, authURL, target, + targetFriendlyName, identificationValue, + identificationType, oaURL, gebDat, + extendedSAMLAttributes, session, oaParam); + return authBlock; + + } else { + String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); + String authBlock = new AuthenticationBlockAssertionBuilder() + .buildAuthBlock(issuer, issueInstant, authURL, target, + targetFriendlyName, identificationValue, + identificationType, oaURL, gebDat, + extendedSAMLAttributes, session, oaParam); + return authBlock; + } + } + + + /** + * Verifies the infoboxes (except of the identity link infobox) returned by + * the BKU by calling appropriate validator classes. + * + * @param session The actual authentication session. + * @param mandate The Mandate from the MIS + * @throws AuthenticationException + * @throws ConfigurationException + * @throws TransformerException + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private void validateExtendedSAMLAttributeForMandates( + AuthenticationSession session, MISMandate mandate, + boolean business) + throws ValidateException, ConfigurationException, SAXException, + IOException, ParserConfigurationException, TransformerException { + + ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( + mandate, business, false); + + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + + verifySAMLAttribute(samlAttribute, i, "MISService", + "MISService"); + + } + } + + /** + * Verifies the infoboxes (except of the identity link infobox) returned by + * the BKU by calling appropriate validator classes. + * + * @param session The actual authentication session. + * @param mandate The Mandate from the MIS + * @throws AuthenticationException + * @throws ConfigurationException + * @throws TransformerException + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private void setExtendedSAMLAttributeForMandatesOID( + AuthenticationSession session, MISMandate mandate, boolean business) + throws ValidateException, ConfigurationException, SAXException, + IOException, ParserConfigurationException, TransformerException { + + ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributesOID( + mandate, business); + + AddAdditionalSAMLAttributes(session, extendedSamlAttributes, + "MISService", "MISService"); + + } + + /** + * Adds given SAML Attributes to the current session. They will be appended + * to the final SAML Assertion or the AUTH block. If the attributes are + * already in the list, they will be replaced. + * + * @param session The current session + * @param extendedSAMLAttributes The SAML attributes to add + * @param identifier The infobox identifier for debug purposes + * @param friendlyNam The friendly name of the infobox for debug purposes + */ + private static void AddAdditionalSAMLAttributes( + AuthenticationSession session, + ExtendedSAMLAttribute[] extendedSAMLAttributes, String identifier, + String friendlyName) throws ValidateException { + if (extendedSAMLAttributes == null) + return; + List oaAttributes = session.getExtendedSAMLAttributesOA(); + if (oaAttributes == null) + oaAttributes = new Vector(); + List authAttributes = session.getExtendedSAMLAttributesAUTH(); + if (authAttributes == null) + authAttributes = new Vector(); + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + + Object value = verifySAMLAttribute(samlAttribute, i, identifier, + friendlyName); + + if ((value instanceof String) || (value instanceof Element)) { + switch (samlAttribute.getAddToAUTHBlock()) { + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: + replaceExtendedSAMLAttribute(authAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(authAttributes, samlAttribute); + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + default: + Logger + .info("Invalid return value from method \"getAddToAUTHBlock()\" (" + + samlAttribute.getAddToAUTHBlock() + + ") in SAML attribute number " + + (i + 1) + + " for infobox " + identifier); + throw new ValidateException("validator.47", new Object[]{ + friendlyName, String.valueOf((i + 1))}); + } + } else { + Logger + .info("The type of SAML-Attribute number " + + (i + 1) + + " returned from " + + identifier + + "-infobox validator is not valid. Must be either \"java.Lang.String\"" + + " or \"org.w3c.dom.Element\""); + throw new ValidateException("validator.46", new Object[]{ + identifier, String.valueOf((i + 1))}); + } + } + session.setExtendedSAMLAttributesAUTH(authAttributes); + session.setExtendedSAMLAttributesOA(oaAttributes); + } + + /** + * Adds the AUTH block related SAML attributes to the validation result. + * This is needed always before the AUTH block is to be signed, because the + * name of the mandator has to be set + * + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + * @throws TransformerException + */ + + protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes( + MISMandate mandate, boolean business, boolean provideStammzahl) + throws SAXException, IOException, ParserConfigurationException, + TransformerException { + Vector extendedSamlAttributes = new Vector(); + + extendedSamlAttributes.clear(); + + // Name + Element domMandate = mandateToElement(mandate); + Element nameSpaceNode = domMandate.getOwnerDocument().createElement( + "NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, + Constants.PD_NS_URI); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, + SZRGWConstants.MANDATE_NS); + + Element mandator = (Element) XPathAPI.selectSingleNode(domMandate, + "//md:Mandate/md:Mandator", nameSpaceNode); + + // Mandate + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_RAW, domMandate, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + // (w)bpk + String wbpk = ParepUtils.extractMandatorWbpk(mandator); + if (!ParepUtils.isEmpty(wbpk)) { + if (!ParepUtils.isPhysicalPerson(mandator)) { + String idType = ParepUtils + .extractMandatorIdentificationType(mandator); + if (!ParepUtils.isEmpty(idType) + && idType.startsWith(Constants.URN_PREFIX_BASEID)) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_CB_BASE_ID, + ParepUtils.getRegisterString(idType) + ": " + wbpk, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + } else if (business) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_WBPK, wbpk, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + } + + ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes + .size()]; + extendedSamlAttributes.copyInto(ret); + Logger.debug("ExtendedSAML Attributes: " + ret.length); + return ret; + + } + + /** + * Adds the AUTH block related SAML attributes to the validation result. + * This is needed always before the AUTH block is to be signed, because the + * name of the mandator has to be set + * + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + * @throws TransformerException + */ + private static ExtendedSAMLAttribute[] addExtendedSamlAttributesOID( + MISMandate mandate, boolean business) throws SAXException, + IOException, ParserConfigurationException, TransformerException { + + Vector extendedSamlAttributes = new Vector(); + + extendedSamlAttributes.clear(); + + // RepresentationType + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_REPRESENTATIONTYPE, + EXT_SAML_MANDATE_REPRESENTATIONTEXT, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + String oid = mandate.getProfRep(); + + if (oid != null) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OID, oid, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + String oidDescription = mandate.getTextualDescriptionOfOID(); + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, + oidDescription, SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + + ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes + .size()]; + extendedSamlAttributes.copyInto(ret); + Logger.debug("ExtendedSAML Attributes: " + ret.length); + return ret; + + } + + /** + * @param mandate + * @return + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private static Element mandateToElement(MISMandate mandate) + throws SAXException, IOException, ParserConfigurationException { + ByteArrayInputStream bais = new ByteArrayInputStream(mandate + .getMandate()); + Document doc = DOMUtils.parseDocumentSimple(bais); + return doc.getDocumentElement(); + } + + protected static void replaceExtendedSAMLAttribute(List attributes, + ExtendedSAMLAttribute samlAttribute) { + if (null == attributes) { + attributes = new Vector(); + } else { + String id = samlAttribute.getName(); + int length = attributes.size(); + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute att = (ExtendedSAMLAttribute) attributes + .get(i); + if (id.equals(att.getName())) { + // replace attribute + attributes.set(i, samlAttribute); + return; + } + } + attributes.add(samlAttribute); + } + } + + /** + * Processes a <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses <CreateXMLSignatureResponse> for error + * codes
    • + *
  • Parses authentication block enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies authentication block by calling the MOA SP component
    • + *
  • Creates authentication data
    • + *
  • Creates a corresponding SAML artifact
    • + *
  • Stores authentication data in the authentication data store indexed + * by the SAML artifact
    • + *
  • Deletes authentication session
    • + *
  • Returns the SAML artifact, encoded BASE64
    • + *
+ * + * @param sessionID session ID of the running authentication session + * @param xmlCreateXMLSignatureReadResponse String representation of the + * <CreateXMLSignatureResponse> + * @return SAML artifact needed for retrieving authentication data, encoded + * BASE64 + * @throws BKUException + */ + public String verifyAuthenticationBlock(AuthenticationSession session, + String xmlCreateXMLSignatureReadResponse) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ServiceException, ValidateException, BKUException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); + if (isEmpty(xmlCreateXMLSignatureReadResponse)) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + // parses + CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser( + xmlCreateXMLSignatureReadResponse).parseResponse(); + + try { + String serializedAssertion = DOMUtils.serializeNode(csresp + .getSamlAssertion()); + session.setAuthBlock(serializedAssertion); + } catch (TransformerException e) { + throw new ParseException("parser.04", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } catch (IOException e) { + throw new ParseException("parser.04", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } + // validates + if (session.isSsoRequested()) + new CreateXMLSignatureResponseValidator().validateSSO(csresp, session); + else + new CreateXMLSignatureResponseValidator().validate(csresp, session); + + // builds a for a MOA-SPSS call + List vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); + String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); + Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, + vtids, tpid); + // debug output + + // invokes the call + Element domVsresp = new SignatureVerificationInvoker() + .verifyXMLSignature(domVsreq); + // debug output + + // parses the + VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser( + domVsresp).parseData(); + + if (Logger.isTraceEnabled()) { + if (domVsresp != null) { + try { + String xmlVerifyXMLSignatureResponse = DOMUtils + .serializeNode(domVsresp, true); + Logger.trace(new LogMsg(xmlCreateXMLSignatureReadResponse)); + Logger.trace(new LogMsg(xmlVerifyXMLSignatureResponse)); + } catch (Throwable t) { + t.printStackTrace(); + Logger.info(new LogMsg(t.getStackTrace())); + } + } + } + + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, + null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, + false); + + // Compare AuthBlock Data with information stored in session, especially + // date and time + CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); + + // compares the public keys from the identityLink with the AuthBlock + VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( + vsresp, session.getIdentityLink()); + + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector + .get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(csresp + .getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + + e.getMessage()); + throw new ValidateException("validator.44", + new Object[]{friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + + " infobox failed."); + throw new ValidateException("validator.40", new Object[]{ + friendlyName, + infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes( + session, + infoboxValidationResult.getExtendedSamlAttributes(), + identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + session.setXMLVerifySignatureResponse(vsresp); + session.setSignerCertificate(vsresp.getX509certificate()); + vsresp.setX509certificate(null); + session.setForeigner(false); + + if (session.getUseMandate()) { + // mandate mode + return null; + + } else { + + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + //set QAA Level four in case of card authentifcation + session.setQAALevel(PVPConstants.STORK_QAA_1_4); + + + String oldsessionID = session.getSessionID(); + + //Session is implicte stored in changeSessionID!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); + Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + + return newMOASessionID; + } + } + + /** + * Processes a <CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
    • + *
  • Parses <CreateXMLSignatureResponse> for error + * codes
    • + *
  • Parses authentication block enclosed in + * <CreateXMLSignatureResponse>
    • + *
  • Verifies authentication block by calling the MOA SP component
    • + *
  • Creates authentication data
    • + *
  • Creates a corresponding SAML artifact
    • + *
  • Stores authentication data in the authentication data store indexed + * by the SAML artifact
    • + *
  • Deletes authentication session
    • + *
  • Returns the SAML artifact, encoded BASE64
    • + *
+ * + * @param sessionID session ID of the running authentication session + * @param xmlCreateXMLSignatureReadResponse String representation of the + * <CreateXMLSignatureResponse> + * @return SAML artifact needed for retrieving authentication data, encoded + * BASE64 + */ + + protected Element createIdentificationBPK(Element mandatePerson, + String baseid, String target) throws BuildException { + Element identificationBpK = mandatePerson.getOwnerDocument() + .createElementNS(Constants.PD_NS_URI, "Identification"); + Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( + Constants.PD_NS_URI, "Value"); + + String bpkBase64 = new BPKBuilder().buildBPK(baseid, target); + valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( + bpkBase64)); + Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( + Constants.PD_NS_URI, "Type"); + typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( + "urn:publicid:gv.at:cdid+bpk")); + identificationBpK.appendChild(valueBpK); + identificationBpK.appendChild(typeBpK); + + return identificationBpK; + + } + + protected String getBaseId(Element mandatePerson) + throws TransformerException, IOException { + NodeList list = mandatePerson.getElementsByTagNameNS( + Constants.PD_NS_URI, "Identification"); + for (int i = 0; i < list.getLength(); i++) { + Element identification = (Element) list.item(i); + Element type = (Element) identification.getElementsByTagNameNS( + Constants.PD_NS_URI, "Type").item(0); + if (type.getTextContent().compareToIgnoreCase( + "urn:publicid:gv.at:baseid") == 0) { + Element value = (Element) identification + .getElementsByTagNameNS(Constants.PD_NS_URI, "Value") + .item(0); + return value.getTextContent(); + } + } + return null; + + } + + /** + * Gets the foreign authentication data.
+ *
    + *
  • Creates authentication data
    • + *
  • Creates a corresponding SAML artifact
    • + *
  • Stores authentication data in the authentication data store indexed + * by the SAML artifact
    • + *
  • Deletes authentication session
    • + *
  • Returns the SAML artifact, encoded BASE64
    • + *
+ * + * @param sessionID session ID of the running authentication session + * @return SAML artifact needed for retrieving authentication data, encoded + * BASE64 + */ + public String getForeignAuthenticationData(AuthenticationSession session) + throws AuthenticationException, BuildException, ParseException, + ConfigurationException, ServiceException, ValidateException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[]{ + REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); + + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector + .get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(session + .getIdentityLink().getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + + e.getMessage()); + throw new ValidateException("validator.44", + new Object[]{friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + + " infobox failed."); + throw new ValidateException("validator.40", new Object[]{ + friendlyName, + infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes( + session, + infoboxValidationResult.getExtendedSamlAttributes(), + identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); + X509Certificate cert = session.getSignerCertificate(); + vsresp.setX509certificate(cert); + + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + + session.setXMLVerifySignatureResponse(vsresp); + session.setSignerCertificate(vsresp.getX509certificate()); + vsresp.setX509certificate(null); + session.setForeigner(true); + + //TODO: regenerate MOASession ID! + return "new Session"; + } + + /** + * Builds the AuthenticationData object together with the corresponding + * <saml:Assertion> + * + * @param session authentication session + * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP + * @param useUTC uses correct UTC time format + * @param useUTC indicates that authenticated citizen is a foreigner + * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates + * @return AuthenticationData object + * @throws ConfigurationException while accessing configuration data + * @throws BuildException while building the <saml:Assertion> + */ + public static AuthenticationData buildAuthenticationData( + AuthenticationSession session, OAAuthParameter oaParam, String target) + throws ConfigurationException, BuildException { + + IdentityLink identityLink = session.getIdentityLink(); + AuthenticationData authData = new AuthenticationData(); + + VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); + + boolean businessService = oaParam.getBusinessService(); + + authData.setMajorVersion(1); + authData.setMinorVersion(0); + authData.setAssertionID(Random.nextRandom()); + authData.setIssuer(session.getAuthURL()); + + authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar + .getInstance())); + + //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO + authData.setIdentificationValue(identityLink.getIdentificationValue()); + authData.setIdentificationType(identityLink.getIdentificationType()); + + authData.setGivenName(identityLink.getGivenName()); + authData.setFamilyName(identityLink.getFamilyName()); + authData.setDateOfBirth(identityLink.getDateOfBirth()); + authData.setQualifiedCertificate(verifyXMLSigResp + .isQualifiedCertificate()); + authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); + authData.setPublicAuthorityCode(verifyXMLSigResp + .getPublicAuthorityCode()); + authData.setBkuURL(session.getBkuURL()); + + try { + + if (session.getUseMandate() && session.isOW()) { + MISMandate mandate = session.getMISMandate(); + authData.setBPK(mandate.getOWbPK()); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); + authData.setIdentityLink(identityLink); + + Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); + + } else { + + if (businessService) { + //since we have foreigner, wbPK is not calculated in BKU + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + registerAndOrdNr); + } + + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); + authData.setBPK(wbpkBase64); + authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); + + } else { + authData.setBPK(identityLink.getIdentificationValue()); + authData.setBPKType(identityLink.getIdentificationType()); + + } + + Logger.trace("Authenticate user with wbPK " + authData.getBPK()); + + Element idlassertion = session.getIdentityLink().getSamlAssertion(); + //set bpk/wpbk; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(authData.getBPK()); + //set bkp/wpbk type + Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); + + IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); + IdentityLink idl = idlparser.parseIdentityLink(); + authData.setIdentityLink(idl); + + } else { + + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); + authData.setBPK(bpkBase64); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } + + Logger.trace("Authenticate user with bPK " + authData.getBPK()); + + authData.setIdentityLink(identityLink); + } + } + + return authData; + + } catch (Throwable ex) { + throw new BuildException("builder.00", new Object[]{ + "AuthenticationData", ex.toString()}, ex); + } + } + + /** + * Retrieves a session from the session store. + * + * @param id session ID + * @return AuthenticationSession stored with given session ID, + * null if session ID unknown + */ + public static AuthenticationSession getSession(String id) + throws AuthenticationException { + + AuthenticationSession session; + try { + session = AuthenticationSessionStoreage.getSession(id); + + if (session == null) + throw new AuthenticationException("auth.02", new Object[]{id}); + return session; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("parser.04", new Object[]{id}); + } + } + + /** + * Cleans up expired session and authentication data stores. + */ + public void cleanup() { + long now = new Date().getTime(); + + //clean AuthenticationSessionStore + + AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); + + //clean AssertionStore + AssertionStorage assertionstore = AssertionStorage.getInstance(); + assertionstore.clean(now, authDataTimeOut); + + //clean ExeptionStore + DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore(); + exstore.clean(now, authDataTimeOut); + + } + + /** + * Sets the sessionTimeOut. + * + * @param seconds Time out of the session in seconds + */ + public void setSecondsSessionTimeOutCreated(long seconds) { + sessionTimeOutCreated = seconds * 1000; + } + + public void setSecondsSessionTimeOutUpdated(long seconds) { + sessionTimeOutUpdated = seconds * 1000; + } + + /** + * Sets the authDataTimeOut. + * + * @param seconds Time out for signing AuthData in seconds + */ + public void setSecondsAuthDataTimeOut(long seconds) { + authDataTimeOut = seconds * 1000; + } + + /** + * Checks a parameter. + * + * @param param parameter + * @return true if the parameter is null or empty + */ + private boolean isEmpty(String param) { + return param == null || param.length() == 0; + } + + /** + * Checks the correctness of SAML attributes and returns its value. + * + * @param param samlAttribute + * @param i the number of the verified attribute for messages + * @param identifier the infobox identifier for messages + * @param friendlyname the friendly name of the infobox for messages + * @return the SAML attribute value (Element or String) + */ + protected static Object verifySAMLAttribute( + ExtendedSAMLAttribute samlAttribute, int i, String identifier, + String friendlyName) throws ValidateException { + String name = samlAttribute.getName(); + + if (name == null) { + Logger.info("The name of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is null."); + throw new ValidateException("validator.45", new Object[]{ + friendlyName, "Name", String.valueOf((i + 1)), "null"}); + } + if (name == "") { + Logger.info("The name of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is empty."); + throw new ValidateException("validator.45", new Object[]{ + friendlyName, "Name", String.valueOf((i + 1)), "leer"}); + } + if (samlAttribute.getNameSpace() == null) { + Logger.info("The namespace of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is null."); + throw new ValidateException("validator.45", + new Object[]{friendlyName, "Namespace", + String.valueOf((i + 1)), "null"}); + } + Object value = samlAttribute.getValue(); + if (value == null) { + Logger.info("The value of SAML-Attribute number " + (i + 1) + + " returned from " + identifier + + "-infobox validator is null."); + throw new ValidateException("validator.45", new Object[]{ + friendlyName, "Wert", String.valueOf((i + 1)), "null"}); + } + + return value; + } + + /** + * Does the request to the SZR-GW + * + * @param oaFriendlyName + * @param signature XMLDSIG signature + * @return Identity link assertion + * @throws SZRGWClientException + */ + + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { + + try { + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); + + SZRGWClient client = new SZRGWClient(connectionParameters); + + + CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); + request.setSignature(citizenSignature.getBytes()); + + PEPSData data = new PEPSData(); + data.setDateOfBirth(PEPSDateOfBirth); + data.setFamilyname(PEPSFamilyname); + data.setFirstname(PEPSFirstname); + data.setIdentifier(PEPSIdentifier); + + data.setRepresentative(representative); + data.setRepresented(represented); + data.setMandateContent(mandateContent); + + data.setLegalPersonCanonicalRegisteredAddress(organizationAddress); + data.setLegalPersonTranslatableType(organizationType); + + if (null != mandateContent) { + MISType mis = new MISType(); + + Target targetObject = new Target(); + targetObject.setType(targetType); + targetObject.setValue(targetValue); + mis.setTarget(targetObject); + + mis.setOAFriendlyName(oaFriendlyName); + + Filters filterObject = new Filters(); + MandateIdentifiers mandateIds = new MandateIdentifiers(); + for (String current : filters.split(",")) + mandateIds.getMandateIdentifier().add(current.trim()); + filterObject.setMandateIdentifiers(mandateIds); + mis.setFilters(filterObject); + + request.setMIS(mis); + } + + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); + CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request, connectionParameters.getUrl()); + return response; + + } catch (ConfigurationException e) { + Logger.warn(e); + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null)); + } + + return null; + + } + + /** + * Does the request to the SZR-GW. + * + * @param signature the signature + * @return the identity link + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { + return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature)); + } + + /** + * Does the request to the SZR-GW. + * + * @param PEPSIdentifier the pEPS identifier + * @param PEPSFirstname the pEPS firstname + * @param PEPSFamilyname the pEPS familyname + * @param PEPSDateOfBirth the pEPS date of birth + * @param signature XMLDSIG signature + * @return Identity link assertion + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { + return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null, null, null, null, null); + } + + /** + * Gets the identity link. + * + * @param citizenSignature the citizen signature + * @param representative the representative + * @param represented the represented + * @param mandate the mandate + * @param organizationAddress the organization address + * @param organizationType the organization type + * @return the identity link + * @throws SZRGWClientException + */ + public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, + String representative, String represented, String mandateContent, + String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { + return getIdentityLink(null, null, null, null, null, + citizenSignature, represented, representative, mandateContent, organizationAddress, + organizationType, targetType, targetValue, oaFriendlyName, filters); + } + + /** + * SZR-GW Client interface. + * + * @param eIdentifier the e identifier + * @param givenName the given name + * @param lastName the last name + * @param dateOfBirth the date of birth + * @param citizenSignature the citizen signature + * @param representative the representative + * @param represented the represented + * @param mandate the mandate + * @return the identity link + * @throws SZRGWClientException the sZRGW client exception + */ + public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, + String givenName, String lastName, String dateOfBirth, String gender, + String citizenSignature, String representative, String represented, + String mandate, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { + return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, + citizenSignature, representative, represented, mandate, null, + null, targetType, targetValue, oaFriendlyName, filters); + } + + /** + * Starts a MOA-ID authentication process using STORK + * + * @param req HttpServletRequest + * @param resp HttpServletResponse + * @param ccc Citizen country code + * @param oaURL URL of the online application + * @param target Target parameter + * @param targetFriendlyName Friendly Name of Target + * @param authURL Authentication URL + * @param sourceID SourceID parameter + * @throws MOAIDException + * @throws AuthenticationException + * @throws WrongParametersException + * @throws ConfigurationException + */ + public static void startSTORKAuthentication( + HttpServletRequest req, + HttpServletResponse resp, + AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { + + if (moasession == null) { + throw new AuthenticationException("auth.18", new Object[]{}); + } + + //read configuration paramters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[]{moasession.getPublicOAURLPrefix()}); + + //Start of STORK Processing + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); + + CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); + + Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:"); + String destination = cpeps.getPepsURL().toExternalForm(); + Logger.debug("C-PEPS URL: " + destination); + + String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; + Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL); + + String providerName = oaParam.getFriendlyName(); + String issuerValue = HTTPUtils.getBaseURL(req); + Logger.debug("Issuer value: " + issuerValue); + + // prepare collection of required attributes + // - attributes for online application + List attributesFromConfig = oaParam.getRequestedAttributes(); + + // - prepare attribute list + PersonalAttributeList attributeList = new PersonalAttributeList(); + + // - fill container + for (OAStorkAttribute current : attributesFromConfig) { + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName(current.getName()); + + boolean globallyMandatory = false; + for (StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes()) + if (current.getName().equals(currentGlobalAttribute.getName())) { + globallyMandatory = currentGlobalAttribute.isMandatory(); + break; + } + + newAttribute.setIsRequired(current.isMandatory() || globallyMandatory); + attributeList.add(newAttribute); + } + + // add sign request + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName("signedDoc"); + List value = new ArrayList(); + value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), + "application/xhtml+xml", + moasession.getCcc())); + newAttribute.setValue(value); + attributeList.add(newAttribute); + + + if (Logger.isDebugEnabled()) { + Logger.debug("The following attributes are requested for this OA:"); + for (OAStorkAttribute logReqAttr : attributesFromConfig) + Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory()); + } + + //TODO: check Target in case of SSO!! + String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); + String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); + String spApplication = spInstitution; + String spCountry = "AT"; + + //generate AuthnRquest + STORKAuthnRequest authnRequest = new STORKAuthnRequest(); + authnRequest.setDestination(destination); + authnRequest.setAssertionConsumerServiceURL(acsURL); + authnRequest.setProviderName(providerName); + authnRequest.setIssuer(issuerValue); + authnRequest.setQaa(oaParam.getQaaLevel()); + authnRequest.setSpInstitution(spInstitution); + authnRequest.setCountry(spCountry); + authnRequest.setSpApplication(spApplication); + authnRequest.setSpSector(spSector); + authnRequest.setPersonalAttributeList(attributeList); + + authnRequest.setEIDCrossBorderShare(true); + authnRequest.setEIDCrossSectorShare(true); + authnRequest.setEIDSectorShare(true); + + authnRequest.setCitizenCountryCode(moasession.getCcc()); + + + Logger.debug("STORK AuthnRequest succesfully assembled."); + + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing"); + try { + authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest); + } catch (STORKSAMLEngineException e) { + Logger.error("Could not sign STORK SAML AuthnRequest.", e); + throw new MOAIDException("stork.00", null); + } + + Logger.info("STORK AuthnRequest successfully signed!"); + + //validate AuthnRequest + try { + samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml()); + } catch (STORKSAMLEngineException e) { + Logger.error("STORK SAML AuthnRequest not valid.", e); + throw new MOAIDException("stork.01", null); + } + + Logger.debug("STORK AuthnRequest successfully internally validated."); + + //send + moasession.setStorkAuthnRequest(authnRequest); + HttpSession httpSession = req.getSession(); + httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); + + + Logger.info("Preparing to send STORK AuthnRequest."); + Logger.info("prepared STORKAuthnRequest: "); + Logger.info(new String(authnRequest.getTokenSaml())); + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); + VelocityContext context = new VelocityContext(); + context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml())); + context.put("action", destination); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e) { + Logger.error("Error sending STORK SAML AuthnRequest.", e); + httpSession.invalidate(); + throw new MOAIDException("stork.02", new Object[]{destination}); + } + + Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); + } + + private static String generateDssSignRequest(String text, String mimeType, String citizenCountry) { + IdentifierGenerator idGenerator; + try { + idGenerator = new SecureRandomIdentifierGenerator(); + + DocumentType doc = new DocumentType(); + doc.setBase64XML(text.getBytes()); + doc.setID(idGenerator.generateIdentifier()); + + SignRequest request = new SignRequest(); + request.setInputDocuments(ApiUtils.createInputDocuments(doc)); + + String id = idGenerator.generateIdentifier(); + request.setRequestID(id); + request.setDocUI(id); + + request.setProfile(Profiles.XADES_BES.toString()); + request.setNumberOfSigners(BigInteger.ONE); + request.setTargetCountry(citizenCountry); + + // no, no todo. PEPS will alter this value anyhow. + request.setReturnURL("http://invalid_return"); + + AnyType required = new AnyType(); + required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString())); + required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString())); + required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG)); + required.getAny().add(ApiUtils.createIncludeObject(doc)); + request.setOptionalInputs(required); + + return IOUtils.toString(ApiUtils.marshalToInputStream(request)); + } catch (NoSuchAlgorithmException e) { + Logger.error("Cannot generate id", e); + throw new RuntimeException(e); + } catch (ApiUtilsException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (DOMException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (IOException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } + } + + /** + * Extracts an X509 Certificate out of an XML signagture element + * + * @param signedXML XML signature element + * @return X509Certificate + * @throws CertificateException + */ + public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException { + + NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate"); + + String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList); + + if (StringUtils.isEmpty(base64CertString)) { + String msg = "XML does not contain a X509Certificate element."; + Logger.error(msg); + throw new CertificateException(msg); + } + + InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); + + X509Certificate cert; + try { + cert = new X509Certificate(is); + return cert; + + } catch (Throwable e) { + throw new CertificateException(e); + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java index 828fc78ab..ba347c9e5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java @@ -2,19 +2,19 @@ * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * + * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works @@ -51,82 +51,143 @@ import at.gv.egovernment.moa.util.Constants; /** * Builder for the <InfoboxReadRequest> structure * used for requesting the identity link from the security layer implementation. - * + * * @author Paul Ivancsics * @version $Id$ */ public class InfoboxReadRequestBuilder implements Constants { - /** - * Constructor for InfoboxReadRequestBuilder. - */ - public InfoboxReadRequestBuilder() { - } - - - /** - * Builds an <InfoboxReadRequest>. - * - * @param slVersion12 specifies whether the Security Layer version is - * version 1.2 or not - * @param businessService specifies whether the online application is a - * business service or not - * @param identityLinkDomainIdentifier the identification number of the business - * company; maybe null if the OA - * is a public service; must not be null - * if the OA is a business service - * - * @return <InfoboxReadRequest> as String - */ - public String build(boolean businessService, String identityLinkDomainIdentifier) { - - String slPrefix; - String slNsDeclaration; - + /** + * Constructor for InfoboxReadRequestBuilder. + */ + public InfoboxReadRequestBuilder() { + } + + + /** + * Builds an <InfoboxReadRequest>. + * + * @param slVersion12 specifies whether the Security Layer version is + * version 1.2 or not + * @param businessService specifies whether the online application is a + * business service or not + * @param identityLinkDomainIdentifier the identification number of the business + * company; maybe null if the OA + * is a public service; must not be null + * if the OA is a business service + * @return <InfoboxReadRequest> as String + */ + public String build(boolean businessService, String identityLinkDomainIdentifier) { + + String slPrefix; + String slNsDeclaration; + // if (slVersion12) { - slPrefix = SL12_PREFIX; - slNsDeclaration = SL12_NS_URI; + slPrefix = SL12_PREFIX; + slNsDeclaration = SL12_NS_URI; // } else { // slPrefix = SL10_PREFIX; // slNsDeclaration = SL10_NS_URI; // } - - StringBuffer sb = new StringBuffer(""); - sb.append("<"); - sb.append(slPrefix); - sb.append(":InfoboxReadRequest xmlns:"); - sb.append(slPrefix); - sb.append("=\""); - sb.append(slNsDeclaration); - sb.append("\">"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":InfoboxIdentifier>IdentityLink"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); - if (businessService) { - sb.append("<"); - sb.append(slPrefix); - sb.append(":BoxSpecificParameters>"); - sb.append("<"); - sb.append(slPrefix); - sb.append(":IdentityLinkDomainIdentifier>"); - sb.append(identityLinkDomainIdentifier); - sb.append(""); - sb.append(""); + + StringBuffer sb = new StringBuffer(""); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest xmlns:"); + sb.append(slPrefix); + sb.append("=\""); + sb.append(slNsDeclaration); + sb.append("\">"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>IdentityLink"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); + if (businessService) { + sb.append("<"); + sb.append(slPrefix); + sb.append(":BoxSpecificParameters>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":IdentityLinkDomainIdentifier>"); + sb.append(identityLinkDomainIdentifier); + sb.append(""); + sb.append(""); + } + sb.append(""); + + return sb.toString(); + + } + + + /** + * Builds an <InfoboxReadRequest>. + * + * @param slVersion12 specifies whether the Security Layer version is + * version 1.2 or not + * @param businessService specifies whether the online application is a + * business service or not + * @param identityLinkDomainIdentifier the identification number of the business + * company; maybe null if the OA + * is a public service; must not be null + * if the OA is a business service + * @return <InfoboxReadRequest> as String + * + */ + public String buildStorkReadRequest(String identityLinkDomainIdentifier) { + + String slPrefix; + String slNsDeclaration; + + slPrefix = SL12_PREFIX; + slNsDeclaration = SL12_NS_URI; + + StringBuffer sb = new StringBuffer(""); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest xmlns:"); + sb.append(slPrefix); + sb.append("=\""); + sb.append(slNsDeclaration); + sb.append("\">"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>IdentityLink"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); + + // append box parameters - necessary for stork? + sb.append("<"); + sb.append(slPrefix); + sb.append(":BoxSpecificParameters>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":IdentityLinkDomainIdentifier>"); + sb.append(identityLinkDomainIdentifier); + sb.append(""); + sb.append(""); + // end appending box parameters + + sb.append(""); + + return sb.toString(); + } - sb.append(""); - - return sb.toString(); - - } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index 7e21c6667..2d0a0e367 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -55,7 +55,12 @@ public class OAParameter { this.businessService = true; else this.businessService = false; - + + if (this.oaType.equals("storkService")) + this.storkService = true; + else + this.storkService = false; + this.publicURLPrefix = oa.getPublicURLPrefix(); this.friendlyName = oa.getFriendlyName(); @@ -81,8 +86,15 @@ public class OAParameter { * if value of {@link #oaType} is "businessService" */ private boolean businessService; - - /** + + /** + * specifies whether the online application is a stork application or not (true + * if value of {@link #oaType} is "storkService" + */ + private boolean storkService; + + + /** * public URL prefix of the online application */ private String publicURLPrefix; @@ -139,5 +151,7 @@ public class OAParameter { public OAOAUTH20 getoAuth20Config() { return oAuth20Config; } + + public boolean getStorkService() { return storkService; } } -- cgit v1.2.3 From 97ac38abf8d7fcea628ed1e7bd343c3d4ea958f9 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Wed, 5 Mar 2014 21:56:33 +0100 Subject: merge fr ap --- .../protocols/stork2/AttributeProviderFactory.java | 95 +++++++++++----------- .../stork2/EHvdAttributeProviderPlugin.java | 3 - 2 files changed, 46 insertions(+), 52 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index dbeaf94e9..d046e12a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -1,24 +1,24 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; + import java.util.ArrayList; import java.util.List; -import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; - /** * A factory for creating AttributeProvider objects. */ public class AttributeProviderFactory { - /** - * Gets the available plugins. - * - * @return the available plugins - */ - public static List getAvailablePlugins() { - List result = new ArrayList(); - result.add("StorkAttributeRequestProvider"); - result.add("EHvdAttributeProvider"); + /** + * Gets the available plugins. + * + * @return the available plugins + */ + public static List getAvailablePlugins() { + List result = new ArrayList(); + result.add("StorkAttributeRequestProvider"); + result.add("EHvdAttributeProvider"); result.add("SignedDocAttributeRequestProvider"); result.add("MISAttributeProvider"); @@ -26,43 +26,40 @@ public class AttributeProviderFactory { return result; } - /** - * Creates an AttributeProvider object for the given shortname. Returns - * {@code null} if there is no such provider available. - * - * @param shortname - * the simpleName for the providers class - * @return the attribute provider - */ - public static AttributeProvider create(String shortname, String url, String attributes) { - if (shortname.equals("StorkAttributeRequestProvider")) { - return new StorkAttributeRequestProvider(url, attributes); - } else if(shortname.equals("EHvdAttributeProvider")) { - return new EHvdAttributeProviderPlugin(url); - } else if(shortname.equals("SignedDocAttributeRequestProvider")) { - return new SignedDocAttributeRequestProvider(url); - } else if (shortname.equals("MISAttributeProvider")) { - return new MISAttributeProvider(url); - } else { - return new EHvdAttributeProviderPlugin(url, attributes); - } else { - return null; - } - } + /** + * Creates an AttributeProvider object for the given shortname. Returns + * {@code null} if there is no such provider available. + * + * @param shortname the simpleName for the providers class + * @return the attribute provider + */ + public static AttributeProvider create(String shortname, String url, String attributes) { + if (shortname.equals("StorkAttributeRequestProvider")) { + return new StorkAttributeRequestProvider(url, attributes); + } else if (shortname.equals("EHvdAttributeProvider")) { + return new EHvdAttributeProviderPlugin(url, attributes); + } else if (shortname.equals("SignedDocAttributeRequestProvider")) { + return new SignedDocAttributeRequestProvider(url); + } else if (shortname.equals("MISAttributeProvider")) { + return new MISAttributeProvider(url); + } else { + return null; + } + } - /** - * Gets fresh instances of the configured plugins. - * - * @param configuredAPs the configured a ps - * @return the configured plugins - */ - public static List getConfiguredPlugins( - List configuredAPs) { - - List result = new ArrayList(); - for(AttributeProviderPlugin current : configuredAPs) - result.add(create(current.getName(), current.getUrl(), current.getAttributes())); - - return result; - } + /** + * Gets fresh instances of the configured plugins. + * + * @param configuredAPs the configured a ps + * @return the configured plugins + */ + public static List getConfiguredPlugins( + List configuredAPs) { + + List result = new ArrayList(); + for (AttributeProviderPlugin current : configuredAPs) + result.add(create(current.getName(), current.getUrl(), current.getAttributes())); + + return result; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index a36855d33..1b951c4ff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -62,7 +62,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) */ - @Override public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { @@ -225,7 +224,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter) */ - @Override public void performRedirect(String url, String spCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { @@ -235,7 +233,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ - @Override public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { // there is no redirect required, so we throw an exception when someone asks us to parse a response -- cgit v1.2.3 From 257c27091b20e1fbcf7ccce8bfe8b908cb33a62e Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 6 Mar 2014 08:18:18 +0100 Subject: fixed error message --- .../at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index f660e1b33..409e506af 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -263,7 +263,7 @@ public class AttributeCollector implements IAction { if(!(existing.isEmptyValue() && existing.isEmptyComplexValue())) if(!(existing.getValue().equals(current.getValue()) || existing.getComplexValue().equals(current.getComplexValue()))) { Logger.error("Attribute Value does not match the value from first authentication!"); - throw new MOAIDException("stork.14", null); + throw new MOAIDException("stork.16", new Object[] {existing.getName()}); } target.get(current.getName()).setStatus(current.getStatus()); -- cgit v1.2.3 From 58fcfcc39b55705d05ec12cfbbcbd0e05d57e702 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 6 Mar 2014 08:31:53 +0100 Subject: fixed eHVD spCountrycode for eId derivation --- .../egovernment/moa/id/protocols/stork2/AttributeCollector.java | 4 ++-- .../gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java | 6 +++--- .../moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java | 4 ++-- .../moa/id/protocols/stork2/DemoRedirectAttributeProvider.java | 4 ++-- .../moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java | 6 +++--- .../egovernment/moa/id/protocols/stork2/MISAttributeProvider.java | 4 ++-- .../id/protocols/stork2/SignedDocAttributeRequestProvider.java | 4 ++-- .../moa/id/protocols/stork2/StorkAttributeRequestProvider.java | 8 ++++++-- 8 files changed, 22 insertions(+), 18 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 409e506af..842c06f15 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -126,7 +126,7 @@ public class AttributeCollector implements IAction { for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { try { // - hand over control to the suitable plugin - aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); + aquiredAttributes = currentProvider.acquire(currentAttribute, container.getRequest().getSpCountry(), moasession); break; } catch (UnsupportedAttributeException e) { // ok, try the next attributeprovider @@ -163,7 +163,7 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL - e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getSpCountry(), request, response, oaParam); + e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index d92b0b72f..2914d8f7d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -22,25 +22,25 @@ public interface AttributeProvider { * the response. * * @param attributes the list of attributes to be acquired + * @param spCountyCode the sp county code * @param moasession the moasession * @return the personal attribute * @throws UnsupportedAttributeException the unsupported attribute exception * @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done * @throws MOAIDException the mOAID exception */ - public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; + public IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; /** * Perform redirect. * * @param url the return URL ending with ?artifactId=... - * @param spCountyCode the sp county code * @param req the request we got from the S-PEPS and for which we have to ask our APs * @param resp the response to the preceding request * @param oaParam the oa param * @throws MOAIDException the mOAID exception */ - public void performRedirect(String url, String spCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException; + public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException; /** * Parses the response we got from the external attribute provider. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java index 9c0869d97..56120cba2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -20,7 +20,7 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ - public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession) + public IPersonalAttributeList acquire(PersonalAttribute attributeName, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException { PersonalAttributeList requestedAttributes = new PersonalAttributeList(1); requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList(), "")); @@ -38,7 +38,7 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - public void performRedirect(String url, String citizenCountyCode, + public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) { // we should not get here } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java index 26fc00406..aaba87c6c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -20,7 +20,7 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ - public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession) + public IPersonalAttributeList acquire(PersonalAttribute attributeName, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { throw new ExternalAttributeRequestRequiredException(this); } @@ -37,7 +37,7 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - public void performRedirect(String url, String citizenCountyCode, + public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) { // we should not get here diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 1b951c4ff..02ae5fd62 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -62,7 +62,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) */ - public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { @@ -211,7 +211,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { // add stork id for verification ArrayList value = new ArrayList(); - value.add(new BPKBuilder().buildStorkbPK(moasession.getIdentityLink().getIdentificationValue(), "IT")); + value.add(new BPKBuilder().buildStorkbPK(moasession.getIdentityLink().getIdentificationValue(), spCountryCode)); result.add(new PersonalAttribute("eIdentifier", false, value, "Available")); @@ -224,7 +224,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter) */ - public void performRedirect(String url, String spCountyCode, + public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { // there is no redirect required diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java index ec38db513..9492159e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java @@ -21,7 +21,7 @@ public class MISAttributeProvider implements AttributeProvider { this.url = url; } - public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + public IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { Logger.error("Entering MIS for attribute: " + attributes.getName()); if (attributes.getName().equals("residencePermit")) { @@ -32,7 +32,7 @@ public class MISAttributeProvider implements AttributeProvider { return null; // } - public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { + public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { Logger.error("Entering MIS redirect for attribute: " ); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java index 6a8e306a1..59b4f386f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java @@ -59,7 +59,7 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider { * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java * .lang.String) */ - public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException, + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { if(!attribute.getName().equals("signedDoc")){ throw new UnsupportedAttributeException(); @@ -108,7 +108,7 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider { * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect * (java.lang.String) */ - public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) + public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index d8becaaf7..2b946b167 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -38,6 +38,8 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /** The attributes. */ private String attributes; + private String spCountryCode; + /** * Instantiates a new stork attribute request provider. * @@ -52,11 +54,13 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ - public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { if (!attributes.contains(attribute.getName())) throw new UnsupportedAttributeException(); + + this.spCountryCode = spCountyCode; requestedAttributes = new PersonalAttributeList(1); requestedAttributes.add(attribute); @@ -98,7 +102,7 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) */ - public void performRedirect(String url, String spCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { + public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { String spSector = "Business"; String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); -- cgit v1.2.3 From b5eae4b6d7692a61a943a3238e271d634141f1a0 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 6 Mar 2014 08:34:49 +0100 Subject: cleanup demo ap plugins --- .../stork2/DemoNoRedirectAttributeProvider.java | 46 --------------------- .../stork2/DemoRedirectAttributeProvider.java | 46 --------------------- .../id/protocols/stork2/MISAttributeProvider.java | 47 ---------------------- 3 files changed, 139 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java deleted file mode 100644 index 56120cba2..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ /dev/null @@ -1,46 +0,0 @@ -package at.gv.egovernment.moa.id.protocols.stork2; - -import java.util.ArrayList; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; - -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; - -/** - * Just a simple demoprovider who can fetch any attribute you ask him. - */ -public class DemoNoRedirectAttributeProvider implements AttributeProvider { - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) - */ - public IPersonalAttributeList acquire(PersonalAttribute attributeName, String spCountyCode, AuthenticationSession moasession) - throws UnsupportedAttributeException { - PersonalAttributeList requestedAttributes = new PersonalAttributeList(1); - requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList(), "")); - return requestedAttributes; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) - */ - public IPersonalAttributeList parse(HttpServletRequest httpReq) { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - public void performRedirect(String url, - HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) { - // we should not get here - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java deleted file mode 100644 index aaba87c6c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ /dev/null @@ -1,46 +0,0 @@ -package at.gv.egovernment.moa.id.protocols.stork2; - -import java.util.ArrayList; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; - -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; - -/** - * Just a simple demoprovider who can fetch any attribute you ask him. - */ -public class DemoRedirectAttributeProvider implements AttributeProvider { - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) - */ - public IPersonalAttributeList acquire(PersonalAttribute attributeName, String spCountyCode, AuthenticationSession moasession) - throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { - throw new ExternalAttributeRequestRequiredException(this); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) - */ - public IPersonalAttributeList parse(HttpServletRequest httpReq) { - PersonalAttributeList requestedAttributes = new PersonalAttributeList(1); - requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList(), "")); - return requestedAttributes; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - public void performRedirect(String url, - HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) { - // we should not get here - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java deleted file mode 100644 index 9492159e3..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java +++ /dev/null @@ -1,47 +0,0 @@ -package at.gv.egovernment.moa.id.protocols.stork2; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.logging.Logger; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -/** - * Implements Attribute Provider for Mandates - */ -public class MISAttributeProvider implements AttributeProvider { - - String url = null; - - public MISAttributeProvider(String url) { - this.url = url; - } - - public IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { - Logger.error("Entering MIS for attribute: " + attributes.getName()); - - if (attributes.getName().equals("residencePermit")) { - Logger.error("MIS EXCEPTION: " + attributes.getName()); - //throw new ExternalAttributeRequestRequiredException(this); - } - - return null; // - } - - public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { - Logger.error("Entering MIS redirect for attribute: " ); - - } - - public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { - return null; // - } - - public String getName() { - return "MandateProvider"; - } -} -- cgit v1.2.3 From 44ff7772172d1baf7ef7201225ee44d74511769e Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 6 Mar 2014 08:50:21 +0100 Subject: cleanup unneeded mandateretrievalrequest --- .../protocols/stork2/AttributeProviderFactory.java | 4 ---- .../protocols/stork2/MandateRetrievalRequest.java | 28 ---------------------- 2 files changed, 32 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index d046e12a4..cbe7e5f3c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -20,8 +20,6 @@ public class AttributeProviderFactory { result.add("StorkAttributeRequestProvider"); result.add("EHvdAttributeProvider"); result.add("SignedDocAttributeRequestProvider"); - result.add("MISAttributeProvider"); - return result; } @@ -40,8 +38,6 @@ public class AttributeProviderFactory { return new EHvdAttributeProviderPlugin(url, attributes); } else if (shortname.equals("SignedDocAttributeRequestProvider")) { return new SignedDocAttributeRequestProvider(url); - } else if (shortname.equals("MISAttributeProvider")) { - return new MISAttributeProvider(url); } else { return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java deleted file mode 100644 index bad711dbb..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java +++ /dev/null @@ -1,28 +0,0 @@ -package at.gv.egovernment.moa.id.protocols.stork2; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IRequest; -import com.sun.xml.ws.security.trust.WSTrustConstants; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -/** - * Processes mandate data after authentication is done in AT - * @author bsuzic - */ -public class MandateRetrievalRequest implements IAction { - public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { - return null; // - } - - public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { - return true; - } - - public String getDefaultActionName() { - return STORKProtocol.MANDATERETRIEVALREQUEST; - } -} -- cgit v1.2.3 From 2aa46e49f1566ed6582fa40e0fdffb4ec9b790b4 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 6 Mar 2014 08:51:12 +0100 Subject: cleanup datacontainer --- .../moa/id/protocols/stork2/AuthenticationRequest.java | 3 --- .../moa/id/protocols/stork2/DataContainer.java | 18 ------------------ 2 files changed, 21 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 619935abe..2ae3ab03c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -80,9 +80,6 @@ public class AuthenticationRequest implements IAction { // - fill in the partial response created above container.setResponse(moaStorkResponse); - // - memorize the target url were we have to return the result - container.setTarget(moaStorkRequest.getAssertionConsumerServiceURL()); - container.setRemoteAddress(httpReq.getRemoteAddr()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java index 74239318b..d13754aff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java @@ -58,24 +58,6 @@ public class DataContainer implements Serializable { this.response = moaStorkResponse; } - /** - * Gets the target. - * - * @return the target - */ - public String getTarget() { - return target; - } - - /** - * Sets the target. - * - * @param target the new target - */ - public void setTarget(String target) { - this.target = target; - } - /** * Gets the remote address. * -- cgit v1.2.3 From 96dee381a4dd221a6f7dc9a63c9dda72e7cbbb04 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 6 Mar 2014 08:52:17 +0100 Subject: cleanup SignedDoc AP Plugin --- .../id/protocols/stork2/AttributeProviderFactory.java | 2 +- .../stork2/SignedDocAttributeRequestProvider.java | 19 +++++++------------ 2 files changed, 8 insertions(+), 13 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index cbe7e5f3c..c998b5f69 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -37,7 +37,7 @@ public class AttributeProviderFactory { } else if (shortname.equals("EHvdAttributeProvider")) { return new EHvdAttributeProviderPlugin(url, attributes); } else if (shortname.equals("SignedDocAttributeRequestProvider")) { - return new SignedDocAttributeRequestProvider(url); + return new SignedDocAttributeRequestProvider(url, attributes); } else { return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java index 59b4f386f..3993ee92f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java @@ -17,18 +17,10 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.StringUtils; - import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; -import eu.stork.peps.auth.commons.STORKAttrQueryRequest; -import eu.stork.peps.auth.commons.STORKAttrQueryResponse; -import eu.stork.peps.auth.engine.STORKSAMLEngine; -import eu.stork.peps.exceptions.STORKSAMLEngineException; /** * Forwards a signedDoc attribute request to the oasis-dss service instance @@ -42,14 +34,19 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider { */ private String oasisDssWebFormURL; + /** The attributes. */ + private String attributes; + /** * Instantiates a new signed doc attribute request provider. * * @param oasisDssWebFormURL * the AP location + * @param attributes */ - public SignedDocAttributeRequestProvider(String oasisDssWebFormURL) { + public SignedDocAttributeRequestProvider(String oasisDssWebFormURL, String attributes) { this.oasisDssWebFormURL = oasisDssWebFormURL; + this.attributes = attributes; } /* @@ -61,7 +58,7 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider { */ public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { - if(!attribute.getName().equals("signedDoc")){ + if(!attributes.contains(attribute.getName())) { throw new UnsupportedAttributeException(); } @@ -80,8 +77,6 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider { public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException { Logger.debug("Beginning to extract OASIS-DSS response out of HTTP Request"); - - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); try { String signResponse = new String(Base64.decodeBase64(httpReq.getParameter("signresponse")), "UTF8"); List values = new ArrayList(); -- cgit v1.2.3 From eb08e465772a766919fdce9dbebc8d5c4e51f224 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 6 Mar 2014 08:53:00 +0100 Subject: cleanup on javadoc --- .../ExternalAttributeRequestRequiredException.java | 2 +- .../moa/id/protocols/stork2/MOASTORKRequest.java | 113 ++++++++++++++++++--- .../moa/id/protocols/stork2/MOASTORKResponse.java | 92 ++++++++++++----- .../stork2/StorkAttributeRequestProvider.java | 1 + 4 files changed, 167 insertions(+), 41 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java index 56f31723c..67fbd50f8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java @@ -18,7 +18,7 @@ public class ExternalAttributeRequestRequiredException extends Exception { } /** - * Gets the ap. + * Gets the ap that caused the exception. * * @return the ap */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index e95cfabe2..9ea33c8ef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -9,57 +9,95 @@ import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.commons.STORKAuthnRequest; /** - * Implements MOA request and stores StorkAuthn/Attr-Request related data + * Implements MOA request and stores StorkAuthn/Attr-Request related data. * * @author bsuzic */ - public class MOASTORKRequest implements IRequest, Serializable { + + /** The Constant serialVersionUID. */ private static final long serialVersionUID = 4581953368724501376L; + + /** The request id. */ private String requestID; + + /** The target. */ private String target = null; + + /** The module. */ String module = null; + + /** The action. */ String action = null; + + /** The stork authn request. */ private STORKAuthnRequest storkAuthnRequest; + + /** The stork attr query request. */ private STORKAttrQueryRequest storkAttrQueryRequest; - private boolean isAttrRequest = false; - private boolean isAuthnRequest = false; + /** + * Sets the sTORK authn request. + * + * @param request the new sTORK authn request + */ public void setSTORKAuthnRequest(STORKAuthnRequest request) { this.storkAuthnRequest = request; - if (request != null) { - isAuthnRequest = true; - } } + /** + * Sets the sTORK attr request. + * + * @param request the new sTORK attr request + */ public void setSTORKAttrRequest(STORKAttrQueryRequest request) { this.storkAttrQueryRequest = request; - if (request != null) { - isAttrRequest = true; - } } + /** + * Checks if the container holds an AttrQueryRequest + * + * @return true, if is attr request + */ public boolean isAttrRequest() { - return this.isAttrRequest; + return null != storkAttrQueryRequest; } + /** + * Checks if the container holds an AuthnRequest + * + * @return true, if is authn request + */ public boolean isAuthnRequest() { - return this.isAuthnRequest; + return null != storkAuthnRequest; } + /** + * Gets the stork authn request. + * + * @return the stork authn request + */ public STORKAuthnRequest getStorkAuthnRequest() { return this.storkAuthnRequest; } + /** + * Gets the stork attr query request. + * + * @return the stork attr query request + */ public STORKAttrQueryRequest getStorkAttrQueryRequest() { return this.storkAttrQueryRequest; } - public String getOAURL() { // TODO CHECK IT - if (isAuthnRequest) + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getOAURL() + */ + public String getOAURL() { + if (isAuthnRequest()) return storkAuthnRequest.getAssertionConsumerServiceURL(); - else if (isAttrRequest) + else if (isAttrRequest()) return storkAttrQueryRequest.getAssertionConsumerServiceURL(); else { Logger.error("There is no authentication or attribute request contained in MOASTORKRequest."); @@ -67,46 +105,81 @@ public class MOASTORKRequest implements IRequest, Serializable { } } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#isPassiv() + */ public boolean isPassiv() { return false; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#forceAuth() + */ public boolean forceAuth() { return false; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#isSSOSupported() + */ public boolean isSSOSupported() { return false; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule() + */ public String requestedModule() { return this.module; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction() + */ public String requestedAction() { return action; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setModule(java.lang.String) + */ public void setModule(String module) { this.module = module; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setAction(java.lang.String) + */ public void setAction(String action) { this.action = action; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getTarget() + */ public String getTarget() { return this.target; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setRequestID(java.lang.String) + */ public void setRequestID(String id) { this.requestID = id; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestID() + */ public String getRequestID() { return this.requestID; } + /** + * Gets the personal attribute list. + * + * @return the personal attribute list + */ public IPersonalAttributeList getPersonalAttributeList() { if(isAttrRequest()) return this.storkAttrQueryRequest.getPersonalAttributeList(); @@ -114,6 +187,11 @@ public class MOASTORKRequest implements IRequest, Serializable { return this.storkAuthnRequest.getPersonalAttributeList(); } + /** + * Gets the sp country. + * + * @return the sp country + */ public String getSpCountry() { if(isAttrRequest()) return this.storkAttrQueryRequest.getSpCountry(); @@ -121,6 +199,11 @@ public class MOASTORKRequest implements IRequest, Serializable { return this.storkAuthnRequest.getSpCountry(); } + /** + * Gets the assertion consumer service url. + * + * @return the assertion consumer service url + */ public String getAssertionConsumerServiceURL() { if(isAttrRequest()) return this.storkAttrQueryRequest.getAssertionConsumerServiceURL(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java index 36f5a80b4..4e0f57779 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java @@ -8,68 +8,110 @@ import eu.stork.peps.auth.commons.STORKAttrQueryResponse; import eu.stork.peps.auth.commons.STORKAuthnResponse; /** - * Implements MOA request and stores StorkAuthn/Attr-Request related data + * Implements MOA request and stores StorkAuthn/Attr-Request related data. * * @author bsuzic */ - public class MOASTORKResponse implements Serializable { + + /** The Constant serialVersionUID. */ private static final long serialVersionUID = -5798803155055518747L; - private STORKAuthnResponse storkAuthnRequest; - private STORKAttrQueryResponse storkAttrQueryRequest; - private boolean isAttrRequest = false; - private boolean isAuthnRequest = false; - + + /** The stork authn request. */ + private STORKAuthnResponse storkAuthnResponse; + + /** The stork attr query request. */ + private STORKAttrQueryResponse storkAttrQueryResponse; + + /** + * Sets the sTORK authn response. + * + * @param request the new sTORK authn response + */ public void setSTORKAuthnResponse(STORKAuthnResponse request) { - this.storkAuthnRequest = request; - if (request != null) { - isAuthnRequest = true; - } + this.storkAuthnResponse = request; } + /** + * Sets the sTORK attr response. + * + * @param request the new sTORK attr response + */ public void setSTORKAttrResponse(STORKAttrQueryResponse request) { - this.storkAttrQueryRequest = request; - if (request != null) { - isAttrRequest = true; - } + this.storkAttrQueryResponse = request; } + /** + * Checks if the container holds an AttrQuery + * + * @return true, if is attr response + */ public boolean isAttrResponse() { - return this.isAttrRequest; + return null != storkAttrQueryResponse; } + /** + * Checks if the container holds an AuthnRequest + * + * @return true, if is authn response + */ public boolean isAuthnResponse() { - return this.isAuthnRequest; + return null != storkAuthnResponse; } + /** + * Gets the AuthnResponse. + * + * @return the stork authn response + */ public STORKAuthnResponse getStorkAuthnResponse() { - return this.storkAuthnRequest; + return this.storkAuthnResponse; } + /** + * Gets the AttrQueryResponse. + * + * @return the stork attr query response + */ public STORKAttrQueryResponse getStorkAttrQueryResponse() { - return this.storkAttrQueryRequest; + return this.storkAttrQueryResponse; } + /** + * Gets the personal attribute list. + * + * @return the personal attribute list + */ public IPersonalAttributeList getPersonalAttributeList() { if(isAttrResponse()) - return this.storkAttrQueryRequest.getPersonalAttributeList(); + return this.storkAttrQueryResponse.getPersonalAttributeList(); else - return this.storkAuthnRequest.getPersonalAttributeList(); + return this.storkAuthnResponse.getPersonalAttributeList(); } + /** + * Sets the personal attribute list. + * + * @param populateAttributes the new personal attribute list + */ public void setPersonalAttributeList(PersonalAttributeList populateAttributes) { if(isAttrResponse()) - this.storkAttrQueryRequest.setPersonalAttributeList(populateAttributes); + this.storkAttrQueryResponse.setPersonalAttributeList(populateAttributes); else - this.storkAuthnRequest.setPersonalAttributeList(populateAttributes); + this.storkAuthnResponse.setPersonalAttributeList(populateAttributes); } + /** + * Sets the country. + * + * @param spCountry the new country + */ public void setCountry(String spCountry) { if(isAttrResponse()) - this.storkAttrQueryRequest.setCountry(spCountry); + this.storkAttrQueryResponse.setCountry(spCountry); else - this.storkAuthnRequest.setCountry(spCountry); + this.storkAuthnResponse.setCountry(spCountry); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index 2b946b167..73b8e01b9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -38,6 +38,7 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /** The attributes. */ private String attributes; + /** The sp country code. */ private String spCountryCode; /** -- cgit v1.2.3 From 0adb60a5f345f8914b40b108608358c573b3dffb Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 6 Mar 2014 08:53:26 +0100 Subject: cleanup StorkProtocol base --- .../moa/id/protocols/stork2/STORKProtocol.java | 30 +++------------------- 1 file changed, 3 insertions(+), 27 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index a361d5f67..496d1044b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -9,12 +9,6 @@ import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.*; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.ws.transport.http.HTTPInTransport; -import org.opensaml.ws.transport.http.HTTPOutTransport; -import org.opensaml.ws.transport.http.HttpServletRequestAdapter; -import org.opensaml.ws.transport.http.HttpServletResponseAdapter; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.HashMap; @@ -36,16 +30,10 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { private static HashMap actions = new HashMap(); static { - actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); actions.put(ATTRIBUTE_COLLECTOR, new AttributeCollector()); - - instance = new STORKProtocol(); } - private static STORKProtocol instance = null; - - public String getName() { return NAME; } @@ -77,12 +65,6 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { if (AttributeCollector.class.getSimpleName().equals(action)) return STORK2Request; - HTTPInTransport profileReq = new HttpServletRequestAdapter(request); - HTTPOutTransport profileResp = new HttpServletResponseAdapter(response, request.isSecure()); - - BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); - samlMessageContext.setInboundMessageTransport(profileReq); - //extract STORK Response from HTTP Request byte[] decSamlToken; try { @@ -93,22 +75,21 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { } //Get SAMLEngine instance - STORKSAMLEngine authnEngine = STORKSAMLEngine.getInstance("incoming"); - STORKSAMLEngine attrEngine = STORKSAMLEngine.getInstance("incoming_attr"); + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); STORKAuthnRequest authnRequest = null; STORKAttrQueryRequest attrRequest = null; // check if valid authn request is contained try { - authnRequest = authnEngine.validateSTORKAuthnRequest(decSamlToken); + authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); } catch(ClassCastException e) { // we do not have a authnRequest // check if a valid attr request is container try { - attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken); + attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); } @@ -137,11 +118,6 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { return false; } - - public void checkPersonalAttributes() { - - - } } -- cgit v1.2.3 From 00389dee59f886d4389b191d98b1a1db7b5de161 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 6 Mar 2014 08:57:01 +0100 Subject: fixed imports on inbound stork processing --- .../moa/id/auth/AuthenticationServer.java | 34 +--------------------- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 6 +--- 2 files changed, 2 insertions(+), 38 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 22c08b3e0..5ad399e2d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -87,7 +87,6 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.client.SZRGWClient; import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -125,7 +124,7 @@ import at.gv.util.xsd.srzgw.MISType; import at.gv.util.xsd.srzgw.MISType.Filters; import eu.stork.oasisdss.api.AdditionalProfiles; import eu.stork.oasisdss.api.ApiUtils; -import eu.stork.oasisdss.api.exceptions.ApiUtilsException; +import eu.stork.oasisdss.api.ApiUtilsException; import eu.stork.oasisdss.api.Profiles; import eu.stork.oasisdss.api.QualityLevels; import eu.stork.oasisdss.api.SignatureTypes; @@ -138,37 +137,6 @@ import eu.stork.peps.auth.commons.PersonalAttributeList; import eu.stork.peps.auth.commons.STORKAuthnRequest; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; -import iaik.asn1.ObjectID; -import iaik.util.logging.Log; -import iaik.x509.X509Certificate; -import iaik.x509.X509ExtensionInitException; -import org.apache.commons.io.IOUtils; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; -import org.apache.xpath.XPathAPI; -import org.opensaml.common.IdentifierGenerator; -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; -import org.opensaml.xml.util.Base64; -import org.opensaml.xml.util.XMLHelper; -import org.w3c.dom.*; -import org.xml.sax.SAXException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.TransformerException; -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.StringWriter; -import java.math.BigInteger; -import java.security.NoSuchAlgorithmException; -import java.security.Principal; -import java.security.cert.CertificateException; -import java.util.*; //import java.security.cert.CertificateFactory; //import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index f98e5c97b..6ed87a744 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -26,10 +26,7 @@ import iaik.x509.X509Certificate; import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; -import java.net.URL; import java.util.ArrayList; -import java.util.List; - import javax.activation.DataSource; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; @@ -68,8 +65,7 @@ import at.gv.util.xsd.xmldsig.SignatureType; import at.gv.util.xsd.xmldsig.X509DataType; import eu.stork.oasisdss.api.ApiUtils; import eu.stork.oasisdss.api.LightweightSourceResolver; -import eu.stork.oasisdss.api.exceptions.ApiUtilsException; -import eu.stork.oasisdss.profile.DocumentWithSignature; +import eu.stork.oasisdss.api.ApiUtilsException; import eu.stork.oasisdss.profile.SignResponse; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; -- cgit v1.2.3 From f144311799a2d491bc6c7de88f43665cc8ad2254 Mon Sep 17 00:00:00 2001 From: Andreas Reiter Date: Thu, 6 Mar 2014 11:02:58 +0100 Subject: Updated oasis-dss-api version to 1.0.0-RELEASE --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 2 +- .../at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 5ad399e2d..67a29f81a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -124,7 +124,7 @@ import at.gv.util.xsd.srzgw.MISType; import at.gv.util.xsd.srzgw.MISType.Filters; import eu.stork.oasisdss.api.AdditionalProfiles; import eu.stork.oasisdss.api.ApiUtils; -import eu.stork.oasisdss.api.ApiUtilsException; +import eu.stork.oasisdss.api.exceptions.ApiUtilsException; import eu.stork.oasisdss.api.Profiles; import eu.stork.oasisdss.api.QualityLevels; import eu.stork.oasisdss.api.SignatureTypes; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 6ed87a744..197e4cda7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -65,7 +65,7 @@ import at.gv.util.xsd.xmldsig.SignatureType; import at.gv.util.xsd.xmldsig.X509DataType; import eu.stork.oasisdss.api.ApiUtils; import eu.stork.oasisdss.api.LightweightSourceResolver; -import eu.stork.oasisdss.api.ApiUtilsException; +import eu.stork.oasisdss.api.exceptions.ApiUtilsException; import eu.stork.oasisdss.profile.SignResponse; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; -- cgit v1.2.3 From 12052df3f07a1439f4126c34b683eb6e48230086 Mon Sep 17 00:00:00 2001 From: Andreas Reiter Date: Thu, 6 Mar 2014 11:30:30 +0100 Subject: Fix EHvdAttributeProviderPlugin soap request --- .../moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index 02ae5fd62..b99e0ca4d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -101,7 +101,8 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { // SOAP Body SOAPBody requestBody = envelope.getBody(); SOAPElement requestBodyElem = requestBody.addChildElement("IsHealthcareProfessional"); - requestBodyElem.addAttribute(new QName("xmlns"), "http://gesundheit.gv.at/BAGDAD/DataAccessService"); + requestBodyElem.addAttribute(envelope.createName("xmlns"), "http://gesundheit.gv.at/BAGDAD/DataAccessService"); + SOAPElement requestBodyElem1 = requestBodyElem.addChildElement("bPK"); requestBodyElem1.addTextNode(new BPKBuilder().buildBPK(moasession.getIdentityLink().getIdentificationValue(), "GH")); -- cgit v1.2.3 From 1c802614fe489280f93d36bfb6908ebffc96e4aa Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 11 Mar 2014 08:03:45 +0100 Subject: logging --- .../moa/id/protocols/stork2/AttributeCollector.java | 15 +++++++++++++++ .../moa/id/protocols/stork2/AuthenticationRequest.java | 1 + .../id/protocols/stork2/EHvdAttributeProviderPlugin.java | 4 ++++ .../moa/id/protocols/stork2/STORKProtocol.java | 1 + .../stork2/SignedDocAttributeRequestProvider.java | 5 ++++- .../protocols/stork2/StorkAttributeRequestProvider.java | 13 +++++++++---- 6 files changed, 34 insertions(+), 5 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 842c06f15..9cd825fc8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -99,6 +99,7 @@ public class AttributeCollector implements IAction { * @throws MOAIDException */ public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { + Logger.setHierarchy("moa.id.protocols.stork2"); // check if there are attributes we need to fetch IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); @@ -108,6 +109,8 @@ public class AttributeCollector implements IAction { if (!responseAttributeList.containsKey(current.getName())) missingAttributes.add(current); + Logger.debug("found " + missingAttributes.size() + " missing attributes"); + // Try to get all missing attributes try { // for each attribute still missing @@ -126,7 +129,9 @@ public class AttributeCollector implements IAction { for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { try { // - hand over control to the suitable plugin + Logger.info(currentProvider.getClass().getSimpleName() + " called to handle attribute '" + currentAttribute.getName() + "'"); aquiredAttributes = currentProvider.acquire(currentAttribute, container.getRequest().getSpCountry(), moasession); + Logger.info(currentProvider.getClass().getSimpleName() + " can handle attribute '" + currentAttribute.getName() + "'"); break; } catch (UnsupportedAttributeException e) { // ok, try the next attributeprovider @@ -156,12 +161,17 @@ public class AttributeCollector implements IAction { // the attribute request is ongoing and requires an external service. try { // memorize the container again + Logger.debug("prepare putting the container into temporary storage..."); + // - generate new key String newArtifactId = new SecureRandomIdentifierGenerator() .generateIdentifier(); // - put container in temporary store. AssertionStorage.getInstance().put(newArtifactId, container); + Logger.debug("...successful"); + + Logger.info(e.getAp().getClass().getSimpleName() + " is going to ask an external service provider for the requested attributes"); // add container-key to redirect embedded within the return URL e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam); @@ -256,7 +266,10 @@ public class AttributeCollector implements IAction { * @throws MOAIDException */ private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) throws MOAIDException { + Logger.info("Updating " + source.size() + " attributes..."); for (PersonalAttribute current : source) { + Logger.debug("treating " + current.getName()); + // check if we need to update the current pa if (target.containsKey(current.getName())) { PersonalAttribute existing = target.get(current.getName()); @@ -271,6 +284,8 @@ public class AttributeCollector implements IAction { target.get(current.getName()).setComplexValue(current.getComplexValue()); } else target.add(current); + + Logger.debug("...successfully treated " + current.getName()); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 2ae3ab03c..3d5fbd337 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -36,6 +36,7 @@ public class AuthenticationRequest implements IAction { public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + Logger.setHierarchy("moa.id.protocols.stork2"); this.moaSession = moasession; if (req instanceof MOASTORKRequest) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index b99e0ca4d..f7d105ab8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -71,6 +71,8 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { throw new UnsupportedAttributeException(); try { + Logger.setHierarchy("moa.id.protocols.stork2"); + Logger.debug("initializing SOAP connections..."); // create SOAP connection SOAPConnection soapConnection = SOAPConnectionFactory.newInstance().createConnection(); @@ -109,6 +111,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { requestMessage.saveChanges(); // perform SOAP call + Logger.debug("call..."); SOAPMessage responseMessage = soapConnection.call(requestMessage, destination); // parse SOAP response @@ -131,6 +134,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { see https://stork.ehealth.gv.at/GDAService.asmx?op=IsHealthcareProfessional */ + Logger.debug("call successful. Parse..."); SOAPBody responseBody = responseMessage.getSOAPBody(); // iterate through tree diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 496d1044b..e415daf3e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -55,6 +55,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { and other info are obtained, in the second step the request will be processed and the user redirected */ public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { + Logger.setHierarchy("moa.id.protocols.stork2"); Logger.debug("Starting preprocessing"); Logger.debug("Request method: " + request.getMethod()); Logger.debug("Request content length: " + request.getContentLength()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java index 3993ee92f..f629db5a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java @@ -75,6 +75,7 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider { * .servlet.http.HttpServletRequest) */ public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException { + Logger.setHierarchy("moa.id.protocols.stork2"); Logger.debug("Beginning to extract OASIS-DSS response out of HTTP Request"); try { @@ -106,6 +107,8 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider { public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { + Logger.setHierarchy("moa.id.protocols.stork2"); + try { Logger.trace("Initialize VelocityEngine..."); @@ -121,7 +124,7 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider { resp.getOutputStream().write(writer.toString().getBytes()); } catch (Exception e) { - Logger.error("Error sending STORK SAML AttrRequest.", e); + Logger.error("Error sending DSS signrequest.", e); throw new MOAIDException("stork.11", null); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index 73b8e01b9..b3d831b80 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -72,7 +72,9 @@ public class StorkAttributeRequestProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException { - Logger.debug("Beginning to extract SAMLResponse out of HTTP Request"); + + Logger.setHierarchy("moa.id.protocols.stork2"); + Logger.info(this.getClass().getSimpleName() + " tries to extract SAMLResponse out of HTTP Request"); //extract STORK Response from HTTP Request //Decodes SAML Response @@ -91,7 +93,7 @@ public class StorkAttributeRequestProvider implements AttributeProvider { //validate SAML Token Logger.debug("Starting validation of SAML response"); attrResponse = engine.validateSTORKAttrQueryResponse(decSamlToken, (String) httpReq.getRemoteHost()); - Logger.info("SAML response succesfully verified!"); + Logger.info("SAML response successfully verified!"); }catch(STORKSAMLEngineException e){ Logger.error("Failed to verify STORK SAML Response", e); throw new MOAIDException("stork.05", null); @@ -104,7 +106,9 @@ public class StorkAttributeRequestProvider implements AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String) */ public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { - + + Logger.setHierarchy("moa.id.protocols.stork2"); + String spSector = "Business"; String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; @@ -125,7 +129,7 @@ public class StorkAttributeRequestProvider implements AttributeProvider { attributeRequest.setCitizenCountryCode("AT"); - Logger.debug("STORK AttrRequest succesfully assembled."); + Logger.debug("STORK AttrRequest successfully assembled."); STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP"); try { @@ -154,6 +158,7 @@ public class StorkAttributeRequestProvider implements AttributeProvider { Logger.error("Error sending STORK SAML AttrRequest.", e); throw new MOAIDException("stork.11", null); } + Logger.info("STORK AttrRequest successfully rendered!"); } } -- cgit v1.2.3 From 921a14d46078fba6ee66addd9b0c40ae82081f9c Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 12 Mar 2014 09:54:39 +0100 Subject: sketched consent collector --- .../id/protocols/stork2/AttributeCollector.java | 80 +---------- .../moa/id/protocols/stork2/ConsentEvaluator.java | 149 +++++++++++++++++++++ .../moa/id/protocols/stork2/STORKProtocol.java | 4 +- 3 files changed, 153 insertions(+), 80 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 9cd825fc8..5d972ba00 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -148,12 +148,7 @@ public class AttributeCollector implements IAction { // else, update any existing attributes addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes); } - - // build response - generateSTORKResponse(container); - - // set new http response - generateRedirectResponse(response, container); + new ConsentEvaluatorSepp().requestConsent(container, response, oaParam); return "12345"; // AssertionId @@ -185,79 +180,6 @@ public class AttributeCollector implements IAction { } } - /** - * generates binary response from given response class. - * - * @param container the container - * @throws MOAIDException the mOAID exception - */ - private void generateSTORKResponse(DataContainer container) throws MOAIDException { - MOASTORKRequest request = container.getRequest(); - MOASTORKResponse response = container.getResponse(); - - try { - //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); - Logger.debug("Starting generation of SAML response"); - if(response.isAuthnResponse()) - response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false)); - else - response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false)); - - //generateSAML Token - Logger.info("SAML response succesfully generated!"); - } catch (STORKSAMLEngineException e) { - Logger.error("Failed to generate STORK SAML Response", e); - throw new MOAIDException("stork.05", null); - } - - Logger.info("STORK SAML Response message succesfully generated "); - } - - /** - * writes the storkresponse to the httpresponse using the velocity engine. - * - * @param httpResp the http resp - * @param container the container - */ - private void generateRedirectResponse(HttpServletResponse httpResp, DataContainer container) { - MOASTORKResponse authnResponse = container.getResponse(); - MOASTORKRequest authnRequest = container.getRequest(); - - // preparing redirection for the client - try { - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); - VelocityContext context = new VelocityContext(); - - byte[] blob; - if(authnRequest.isAttrRequest()) - blob = authnResponse.getStorkAttrQueryResponse().getTokenSaml(); - else - blob = authnResponse.getStorkAuthnResponse().getTokenSaml(); - - context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob)); - Logger.debug("SAMLResponse original: " + new String(blob)); - - Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL()); - context.put("action", authnRequest.getAssertionConsumerServiceURL()); - Logger.debug("Starting template merge"); - StringWriter writer = new StringWriter(); - - Logger.debug("Doing template merge"); - template.merge(context, writer); - Logger.debug("Template merge done"); - - Logger.debug("Sending html content: " + writer.getBuffer().toString()); - Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); - - httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); - - } catch (Exception e) { - Logger.error("Velocity error: " + e.getMessage()); - } - } - /** * Adds or updates all {@link PersonalAttribute} objects given in {@code source} to/in {@code target}. * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java new file mode 100644 index 000000000..9745d81c5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -0,0 +1,149 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.io.StringWriter; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * The ConsentEvaluator assists with fetching user consent on the list of attributes to be sent to the asking S-PEPS. + */ +public class ConsentEvaluator implements IAction { + + /** + * The Constant ARTIFACT_ID. + */ + private static final String ARTIFACT_ID = "artifactId"; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) + */ + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + + // - fetch the container + String artifactId = (String) httpReq.getParameter(ARTIFACT_ID); + DataContainer container; + try { + container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); + } catch (MOADatabaseException e) { + Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); + throw new MOAIDException("stork.17", null); + } + + // TODO evaluate response + + // build and send response + generateSTORKResponse(httpResp, container); + + return "12345"; // AssertionId + } + + /** + * Fills the given HttpResponse with the required web page. + * + * @param container the container + * @param response the response + * @param oaParam the oa param + * @return the string + * @throws MOAIDException the mOAID exception + */ + public String requestConsent(DataContainer container, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException { + // prepare redirect + + // ask for consent + + return "12345"; // AssertionId + } + + /** + * generates binary response from given response class and fill the given HttpResponse with a SAML Post Binding template. + * + * @param httpResp the http resp + * @param container the container + * @throws MOAIDException the mOAID exception + */ + public void generateSTORKResponse(HttpServletResponse httpResp, DataContainer container) throws MOAIDException { + MOASTORKRequest request = container.getRequest(); + MOASTORKResponse response = container.getResponse(); + + try { + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + Logger.debug("Starting generation of SAML response"); + if(response.isAuthnResponse()) + response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false)); + else + response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false)); + + //generateSAML Token + Logger.info("SAML response succesfully generated!"); + } catch (STORKSAMLEngineException e) { + Logger.error("Failed to generate STORK SAML Response", e); + throw new MOAIDException("stork.05", null); + } + + Logger.info("STORK SAML Response message succesfully generated "); + + // preparing redirection for the client + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); + VelocityContext context = new VelocityContext(); + + byte[] blob; + if(request.isAttrRequest()) + blob = response.getStorkAttrQueryResponse().getTokenSaml(); + else + blob = response.getStorkAuthnResponse().getTokenSaml(); + + context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob)); + Logger.debug("SAMLResponse original: " + new String(blob)); + + Logger.debug("Putting assertion consumer url as action: " + request.getAssertionConsumerServiceURL()); + context.put("action", request.getAssertionConsumerServiceURL()); + Logger.debug("Starting template merge"); + StringWriter writer = new StringWriter(); + + Logger.debug("Doing template merge"); + template.merge(context, writer); + Logger.debug("Template merge done"); + + Logger.debug("Sending html content: " + writer.getBuffer().toString()); + Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); + + httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); + + } catch (Exception e) { + Logger.error("Velocity error: " + e.getMessage()); + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action. + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() + */ + public String getDefaultActionName() { + return STORKProtocol.CONSENT_EVALUATOR; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index e415daf3e..b1c923b9f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -26,12 +26,14 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; public static final String ATTRIBUTE_COLLECTOR = "AttributeCollector"; public static final String MANDATERETRIEVALREQUEST = "MandateRetrievalRequest"; + public static final String CONSENT_EVALUATOR = "ConsentEvaluator"; private static HashMap actions = new HashMap(); static { actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); actions.put(ATTRIBUTE_COLLECTOR, new AttributeCollector()); + actions.put(CONSENT_EVALUATOR, new ConsentEvaluatorSepp()); } public String getName() { @@ -63,7 +65,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { MOASTORKRequest STORK2Request = new MOASTORKRequest(); - if (AttributeCollector.class.getSimpleName().equals(action)) + if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluatorSepp.class.getSimpleName().equals(action)) return STORK2Request; //extract STORK Response from HTTP Request -- cgit v1.2.3 From 3075521544ff79c5fa0d740c6b388bfeab58b8c5 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 12 Mar 2014 09:57:37 +0100 Subject: storing datacontainer in temporary storage before redirecting --- .../moa/id/protocols/stork2/ConsentEvaluator.java | 25 ++++++++++++++++++++++ .../moa/id/protocols/stork2/STORKProtocol.java | 4 ++-- 2 files changed, 27 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 9745d81c5..8b7bcf0c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -1,21 +1,27 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.io.StringWriter; +import java.util.ArrayList; +import java.util.HashMap; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -63,6 +69,25 @@ public class ConsentEvaluator implements IAction { */ public String requestConsent(DataContainer container, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException { // prepare redirect + String newArtifactId; + try { + + // memorize the container again + Logger.debug("prepare putting the container into temporary storage..."); + + // - generate new key + newArtifactId = new SecureRandomIdentifierGenerator().generateIdentifier(); + + // - put container in temporary store. + AssertionStorage.getInstance().put(newArtifactId, container); + + Logger.debug("...successful"); + + } catch (Exception e1) { + // TODO should we return the response as is to the PEPS? + Logger.error("Error putting incomplete Stork response into temporary storage", e1); + throw new MOAIDException("stork.17", null); + } // ask for consent diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index b1c923b9f..19d1c7f15 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -33,7 +33,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { static { actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); actions.put(ATTRIBUTE_COLLECTOR, new AttributeCollector()); - actions.put(CONSENT_EVALUATOR, new ConsentEvaluatorSepp()); + actions.put(CONSENT_EVALUATOR, new ConsentEvaluator()); } public String getName() { @@ -65,7 +65,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { MOASTORKRequest STORK2Request = new MOASTORKRequest(); - if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluatorSepp.class.getSimpleName().equals(action)) + if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action)) return STORK2Request; //extract STORK Response from HTTP Request -- cgit v1.2.3 From eb993b9da5938138373a3ad4a619bf2e290c6cfc Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 12 Mar 2014 09:58:22 +0100 Subject: render consent html page --- .../moa/id/protocols/stork2/ConsentEvaluator.java | 23 ++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 8b7bcf0c6..5b5c00b2a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -90,6 +90,29 @@ public class ConsentEvaluator implements IAction { } // ask for consent + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html"); + VelocityContext context = new VelocityContext(); + + context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/CompleteAuthentication?" + ARTIFACT_ID + "=" + newArtifactId); + + // assemble table + String table = ""; + for (PersonalAttribute current : container.getResponse().getPersonalAttributeList()) + if ("Available".equals(current.getStatus())) + table += "" + current.getName() + "\n"; + + context.put("tablecontent", table); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + response.getOutputStream().write(writer.getBuffer().toString().getBytes()); + + } catch (Exception e) { + Logger.error("Velocity error: " + e.getMessage()); + throw new MOAIDException("stork.17", null); + } return "12345"; // AssertionId } -- cgit v1.2.3 From 4ade7db6124eec07aebf087721d3d478f92bdaad Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 12 Mar 2014 09:59:19 +0100 Subject: added consent-checkbox to config ui --- .../java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java | 5 ++++- .../gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java | 7 ++++++- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index d1de20c4d..31ba64be0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -67,7 +67,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.OAParameter; -import at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -350,6 +349,10 @@ public List getRequestedAttributes() { return oa_auth.getOASTORK().getOAAttributes(); } +public boolean isRequireConsentForStorkAttributes() { + return oa_auth.getOASTORK().isRequireConsent(); +} + public List getStorkAPs() { return oa_auth.getOASTORK().getAttributeProviders(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 5d972ba00..7dbbb5734 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -148,7 +148,12 @@ public class AttributeCollector implements IAction { // else, update any existing attributes addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes); } - new ConsentEvaluatorSepp().requestConsent(container, response, oaParam); + + // ask for consent if necessary + if(oaParam.isRequireConsentForStorkAttributes()) + new ConsentEvaluator().requestConsent(container, response, oaParam); + else + new ConsentEvaluator().generateSTORKResponse(response, container); return "12345"; // AssertionId -- cgit v1.2.3 From 8ad16443ec20f49e8f14b1dc79c72a8dff674a64 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 12 Mar 2014 09:59:46 +0100 Subject: evaluate consent page result --- .../gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 5b5c00b2a..79404d4f0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -50,7 +50,14 @@ public class ConsentEvaluator implements IAction { throw new MOAIDException("stork.17", null); } - // TODO evaluate response + // evaluate response + for(PersonalAttribute current : container.getResponse().getPersonalAttributeList()) { + if(null == httpReq.getParameter(current.getName())) { + current.setStatus("notAvailable"); + current.setValue(new ArrayList()); + current.setComplexValue(new HashMap()); + } + } // build and send response generateSTORKResponse(httpResp, container); -- cgit v1.2.3 From 60ac2a89fce86eb1e8344eb22535cfdd0b9aa147 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 14 Mar 2014 18:37:56 +0100 Subject: attr --- .../id/protocols/stork2/AttributeCollector.java | 1 + .../protocols/stork2/AttributeProviderFactory.java | 10 ++++- .../id/protocols/stork2/AuthenticationRequest.java | 32 ++++++++++++- .../moa/id/protocols/stork2/ConsentEvaluator.java | 8 +++- .../stork2/MandateAttributeRequestProvider.java | 52 ++++++++++++++++++++++ 5 files changed, 98 insertions(+), 5 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 7dbbb5734..1dfccb6c0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -178,6 +178,7 @@ public class AttributeCollector implements IAction { } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e1); + e1.printStackTrace(); throw new MOAIDException("stork.11", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index c998b5f69..a8a9d9677 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; +import at.gv.egovernment.moa.logging.Logger; import java.util.ArrayList; import java.util.List; @@ -20,6 +21,7 @@ public class AttributeProviderFactory { result.add("StorkAttributeRequestProvider"); result.add("EHvdAttributeProvider"); result.add("SignedDocAttributeRequestProvider"); + result.add("MandateAttributeRequestProvider"); return result; } @@ -38,6 +40,8 @@ public class AttributeProviderFactory { return new EHvdAttributeProviderPlugin(url, attributes); } else if (shortname.equals("SignedDocAttributeRequestProvider")) { return new SignedDocAttributeRequestProvider(url, attributes); + } else if (shortname.equals("MandateAttributeRequestProvider")) { + return new MandateAttributeRequestProvider(url, attributes); } else { return null; } @@ -51,10 +55,14 @@ public class AttributeProviderFactory { */ public static List getConfiguredPlugins( List configuredAPs) { + Logger.setHierarchy("moa.id.protocols.stork2"); List result = new ArrayList(); - for (AttributeProviderPlugin current : configuredAPs) + for (AttributeProviderPlugin current : configuredAPs) { + result.add(create(current.getName(), current.getUrl(), current.getAttributes())); + Logger.debug("Adding configured attribute provider: " + current.getClass().getName() + current.getName() + " at " + current.getUrl()); + } return result; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 3d5fbd337..442fa8a5b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -10,8 +10,11 @@ import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.*; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; +import org.joda.time.DateTime; import org.w3c.dom.Element; import org.w3c.dom.NamedNodeMap; @@ -61,13 +64,25 @@ public class AuthenticationRequest implements IAction { // check if we have authentication request else if (moaStorkRequest.isAuthnRequest()) { Logger.debug("Starting AuthenticationRequest"); - moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse()); + // Get personal attributtes from MOA/IdentityLink moaStorkResponse.setPersonalAttributeList(populateAttributes()); + + + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + STORKAuthnResponse authnResponse = new STORKAuthnResponse(); + + Logger.debug("Starting generation of SAML response"); + try { + moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(),httpReq.getRemoteAddr(), false)); + } catch (STORKSAMLEngineException ex) { + // TODO + } + } - moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); + //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); // Prepare extended attributes Logger.debug("Preparing data container"); @@ -84,6 +99,19 @@ public class AuthenticationRequest implements IAction { container.setRemoteAddress(httpReq.getRemoteAddr()); + STORKAuthnResponse arep = moaStorkResponse.getStorkAuthnResponse(); + + + arep.setCountry("XX"); + arep.setInResponseTo("xxxx"); + arep.setMessage("xxxx"); + arep.setSamlId("xxxx"); + arep.setStatusCode("xxxx"); + + // arep.setNotBefore(new DateTime().withTimeAtStartOfDay()); + // arep.setNotOnOrAfter(new DateTime().withTimeAtStartOfDay()); + + Logger.debug("Data container prepared"); return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 79404d4f0..19ec754ee 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -15,11 +15,13 @@ import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.STORKAuthnResponse; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; +import org.joda.time.DateTime; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import javax.servlet.http.HttpServletRequest; @@ -92,7 +94,8 @@ public class ConsentEvaluator implements IAction { } catch (Exception e1) { // TODO should we return the response as is to the PEPS? - Logger.error("Error putting incomplete Stork response into temporary storage", e1); + e1.printStackTrace(); + Logger.error("Error putting incomplete Stork response into temporary storage", e1); throw new MOAIDException("stork.17", null); } @@ -143,7 +146,8 @@ public class ConsentEvaluator implements IAction { response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false)); else response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false)); - + + //generateSAML Token Logger.info("SAML response succesfully generated!"); } catch (STORKSAMLEngineException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java new file mode 100644 index 000000000..123999166 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java @@ -0,0 +1,52 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Provides mandate attribute from MIS + * + */ +public class MandateAttributeRequestProvider implements AttributeProvider { + /** The destination. */ + private Object destination; + + /** The attributes. */ + private String attributes; + + public MandateAttributeRequestProvider(String url, String supportedAttributes) { + Logger.setHierarchy("moa.id.protocols.stork2"); + destination = url; + attributes = supportedAttributes; + } + + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + Logger.info("Acquiring attribute: " + this.getClass().getName()); + // break if we cannot handle the requested attribute + if(!attributes.contains(attribute.getName())) + throw new UnsupportedAttributeException(); + PersonalAttributeList result = new PersonalAttributeList(); + //return result; + throw new ExternalAttributeRequestRequiredException(this); + } + + public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { + Logger.info("Redirecting: " + this.getClass().getName()); + + } + + public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { + Logger.info("Parsing attribute: " + this.getClass().getName()); + + return null; // + } +} -- cgit v1.2.3 From cb7942a2d5f13744b114fd6d4fad49aefdac12f1 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Mon, 17 Mar 2014 19:06:54 +0100 Subject: attr not working completely --- .../egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index d89fb8cb2..44b140548 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -43,7 +43,7 @@ public class MOAAttributeProvider { public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) { String storkAttribute = requestedAttribute.getName(); - + Logger.setHierarchy("moa.id.protocols.stork2"); if (storkAttributeSimpleMapping.containsKey(storkAttribute)) { Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]"); try { @@ -70,6 +70,7 @@ public class MOAAttributeProvider { } private String geteIdentifier() { + Logger.setHierarchy("moa.id.protocols.stork2"); Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry()); try { return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkRequest.getStorkAuthnRequest().getSpCountry()); @@ -81,6 +82,7 @@ public class MOAAttributeProvider { private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) { + Logger.setHierarchy("moa.id.protocols.stork2"); try { String attributeValue = method.invoke(object, new Class[]{}).toString(); PersonalAttribute newAttribute = new PersonalAttribute(); @@ -88,7 +90,7 @@ public class MOAAttributeProvider { newAttribute.setStatus("Available"); newAttribute.setIsRequired(isRequired); - Logger.debug("Got attribute value: " + attributeValue); + Logger.info("Got attribute value: " + attributeValue); newAttribute.setValue(new ArrayList(edu.emory.mathcs.backport.java.util.Collections.singletonList(attributeValue))); attributeList.add(newAttribute); } catch (InvocationTargetException e) { -- cgit v1.2.3 From 7f896d543b412062935db895c9a951d64d638b5d Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 18 Mar 2014 16:02:05 +0100 Subject: correcting mandate request --- .../id/protocols/stork2/AttributeCollector.java | 2 +- .../protocols/stork2/AttributeProviderFactory.java | 7 +- .../id/protocols/stork2/AuthenticationRequest.java | 8 +- .../stork2/MandateAttributeRequestProvider.java | 109 +++++++++++++++++---- 4 files changed, 103 insertions(+), 23 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 1dfccb6c0..e0f14c41d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -194,7 +194,7 @@ public class AttributeCollector implements IAction { * @throws MOAIDException */ private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) throws MOAIDException { - Logger.info("Updating " + source.size() + " attributes..."); + Logger.info("Updating " + source.size() + " attribute(s)..."); for (PersonalAttribute current : source) { Logger.debug("treating " + current.getName()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index a8a9d9677..7fb7a7bc6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -41,7 +41,12 @@ public class AttributeProviderFactory { } else if (shortname.equals("SignedDocAttributeRequestProvider")) { return new SignedDocAttributeRequestProvider(url, attributes); } else if (shortname.equals("MandateAttributeRequestProvider")) { - return new MandateAttributeRequestProvider(url, attributes); + try { + return new MandateAttributeRequestProvider(url, attributes); + } catch (Exception ex) { + ex.printStackTrace(); + return null; + } } else { return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 442fa8a5b..88c0e889d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -66,12 +66,8 @@ public class AuthenticationRequest implements IAction { Logger.debug("Starting AuthenticationRequest"); moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse()); - // Get personal attributtes from MOA/IdentityLink - moaStorkResponse.setPersonalAttributeList(populateAttributes()); - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); - STORKAuthnResponse authnResponse = new STORKAuthnResponse(); Logger.debug("Starting generation of SAML response"); try { @@ -80,6 +76,10 @@ public class AuthenticationRequest implements IAction { // TODO } + // Get personal attributtes from MOA/IdentityLink + moaStorkResponse.setPersonalAttributeList(populateAttributes()); + + } //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java index 123999166..d3eded934 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java @@ -1,52 +1,127 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; +import at.gv.egovernment.moa.util.StringUtils; +import eu.stork.peps.auth.commons.*; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.io.StringWriter; /** - * Provides mandate attribute from MIS - * + * Provides mandate attribute from MIS */ public class MandateAttributeRequestProvider implements AttributeProvider { - /** The destination. */ - private Object destination; + /** + * The destination. + */ + private String destination; - /** The attributes. */ + /** + * The attributes. + */ private String attributes; - public MandateAttributeRequestProvider(String url, String supportedAttributes) { + private String spCountryCode; + + private PersonalAttributeList requestedAttributes; + + public MandateAttributeRequestProvider(String aPurl, String supportedAttributes) throws MOAIDException { Logger.setHierarchy("moa.id.protocols.stork2"); - destination = url; + destination = aPurl; attributes = supportedAttributes; } - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { - Logger.info("Acquiring attribute: " + this.getClass().getName()); + public String getAttrProviderName() { + return "MandateAttributeRequestProvider"; + } + + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName()); + this.spCountryCode = spCountryCode; + requestedAttributes = new PersonalAttributeList(1); + requestedAttributes.add(attribute); + // break if we cannot handle the requested attribute - if(!attributes.contains(attribute.getName())) + if (!attributes.contains(attribute.getName())) { + Logger.info("Attribute " + attribute.getName() + " not supported by the provider: " + getAttrProviderName()); throw new UnsupportedAttributeException(); + } PersonalAttributeList result = new PersonalAttributeList(); //return result; + Logger.info("Thrown external request by: " + getAttrProviderName()); throw new ExternalAttributeRequestRequiredException(this); } public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { - Logger.info("Redirecting: " + this.getClass().getName()); + Logger.setHierarchy("moa.id.protocols.stork2"); + + String spSector = "Business"; + String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); + String spApplication = spInstitution; + + //generate AuthnRquest + STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest(); + attributeRequest.setDestination(destination); + attributeRequest.setAssertionConsumerServiceURL(url); + attributeRequest.setIssuer(HTTPUtils.getBaseURL(req)); + attributeRequest.setQaa(oaParam.getQaaLevel()); + attributeRequest.setSpInstitution(spInstitution); + attributeRequest.setCountry(spCountryCode); + attributeRequest.setSpCountry(spCountryCode); + attributeRequest.setSpApplication(spApplication); + attributeRequest.setSpSector(spSector); + attributeRequest.setPersonalAttributeList(requestedAttributes); + + attributeRequest.setCitizenCountryCode("AT"); + + + Logger.info("STORK AttrRequest successfully assembled."); + + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP"); + try { + attributeRequest = samlEngine.generateSTORKAttrQueryRequest(attributeRequest); + } catch (STORKSAMLEngineException e) { + Logger.error("Could not sign STORK SAML AttrRequest.", e); + throw new MOAIDException("stork.00", null); + } + + Logger.info("STORK AttrRequest successfully signed!"); + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); + VelocityContext context = new VelocityContext(); + context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(attributeRequest.getTokenSaml())); + context.put("action", destination); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e) { + Logger.error("Error sending STORK SAML AttrRequest.", e); + throw new MOAIDException("stork.11", null); + } + Logger.info("STORK AttrRequest successfully rendered!"); } public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { - Logger.info("Parsing attribute: " + this.getClass().getName()); - return null; // } + } + -- cgit v1.2.3 From e928a8ba66724466dc613ff4bf0320d1d1ef9e98 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 18 Mar 2014 19:35:11 +0100 Subject: mandaterequest --- .../protocols/stork2/MandateRetrievalRequest.java | 29 ++++++++++++++++++++++ .../moa/id/protocols/stork2/STORKProtocol.java | 3 ++- 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java new file mode 100644 index 000000000..4e99cc8aa --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java @@ -0,0 +1,29 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.logging.Logger; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * + */ +public class MandateRetrievalRequest implements IAction { + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + Logger.setHierarchy("moa.id.protocols.stork2"); + Logger.info("Entering mandateretrievalrequest"); + return null; // + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + return true; // + } + + public String getDefaultActionName() { + return STORKProtocol.MANDATERETRIEVALREQUEST; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 19d1c7f15..ec77109af 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -34,6 +34,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); actions.put(ATTRIBUTE_COLLECTOR, new AttributeCollector()); actions.put(CONSENT_EVALUATOR, new ConsentEvaluator()); + actions.put(MANDATERETRIEVALREQUEST, new MandateRetrievalRequest()); } public String getName() { @@ -58,7 +59,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { */ public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { Logger.setHierarchy("moa.id.protocols.stork2"); - Logger.debug("Starting preprocessing"); + Logger.info("Starting preprocessing for Stork2 protocol"); Logger.debug("Request method: " + request.getMethod()); Logger.debug("Request content length: " + request.getContentLength()); Logger.debug("Initiating action: " + action); -- cgit v1.2.3 From f0edd064cb7dab5ac6477926e5c9854c03ddd9c5 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Mar 2014 11:47:01 +0100 Subject: fixed velocity engine logging issue --- .../main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java | 2 ++ 1 file changed, 2 insertions(+) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java index b923727f9..534121443 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java @@ -103,6 +103,8 @@ public class VelocityProvider { VelocityEngine velocityEngine = new VelocityEngine(); velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, + "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); return velocityEngine; } -- cgit v1.2.3 From 81e83a4889ea8a3c2a1cd645bc02b5b72604e71f Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Mar 2014 11:47:52 +0100 Subject: logging statements tweaked --- .../moa/id/protocols/stork2/AttributeCollector.java | 10 +++++++--- .../egovernment/moa/id/protocols/stork2/ConsentEvaluator.java | 4 ++-- 2 files changed, 9 insertions(+), 5 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index e0f14c41d..4bf193e9e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -109,6 +109,7 @@ public class AttributeCollector implements IAction { if (!responseAttributeList.containsKey(current.getName())) missingAttributes.add(current); + Logger.info("collecting attributes..."); Logger.debug("found " + missingAttributes.size() + " missing attributes"); // Try to get all missing attributes @@ -135,8 +136,10 @@ public class AttributeCollector implements IAction { break; } catch (UnsupportedAttributeException e) { // ok, try the next attributeprovider + Logger.info(currentProvider.getClass().getSimpleName() + " could not handle attribute '" + currentAttribute.getName() + "'"); } catch (MOAIDException e) { // the current plugin had an error. Try the next one. + Logger.info(currentProvider.getClass().getSimpleName() + " could not handle attribute '" + currentAttribute.getName() + "' due to an error"); } } @@ -148,6 +151,7 @@ public class AttributeCollector implements IAction { // else, update any existing attributes addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes); } + Logger.info("collecting attributes done"); // ask for consent if necessary if(oaParam.isRequireConsentForStorkAttributes()) @@ -194,9 +198,9 @@ public class AttributeCollector implements IAction { * @throws MOAIDException */ private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) throws MOAIDException { - Logger.info("Updating " + source.size() + " attribute(s)..."); + Logger.debug("Updating " + source.size() + " attributes..."); for (PersonalAttribute current : source) { - Logger.debug("treating " + current.getName()); + Logger.trace("treating " + current.getName()); // check if we need to update the current pa if (target.containsKey(current.getName())) { @@ -213,7 +217,7 @@ public class AttributeCollector implements IAction { } else target.add(current); - Logger.debug("...successfully treated " + current.getName()); + Logger.trace("...successfully treated " + current.getName()); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 19ec754ee..bcf086b56 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -137,6 +137,8 @@ public class ConsentEvaluator implements IAction { public void generateSTORKResponse(HttpServletResponse httpResp, DataContainer container) throws MOAIDException { MOASTORKRequest request = container.getRequest(); MOASTORKResponse response = container.getResponse(); + + Logger.info("generating stork response..."); try { //Get SAMLEngine instance @@ -155,8 +157,6 @@ public class ConsentEvaluator implements IAction { throw new MOAIDException("stork.05", null); } - Logger.info("STORK SAML Response message succesfully generated "); - // preparing redirection for the client try { VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); -- cgit v1.2.3 From c54fd74a0ac1c03beb6870abf4710daddfd16a33 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Mar 2014 12:19:56 +0100 Subject: adapted inbound mandate handling to samlengine --- .../moa/id/auth/stork/STORKResponseProcessor.java | 32 +++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 57843d0f3..ab9decde0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -138,7 +138,37 @@ public class STORKResponseProcessor { String citizenSignature = getAttributeValue("signedDoc", attributeList); // if we have a signedDoc we test for a representation case - if(hasAttribute("mandateContent", attributeList) || hasAttribute("representative", attributeList) || hasAttribute("represented", attributeList)) { + // - according to stork samlengine and commons + if(hasAttribute("mandate", attributeList)) { + // we have a representation case + String mandate = getAttributeValue("mandate", attributeList); + + if(!hasAttribute("dateOfBirth", attributeList)) { + // if we get here, we have a natural person representing a legal person + String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList); + String organizationType = getAttributeValue("translateableType", attributeList); + + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, null, null, mandate, organizationAddress, organizationType, targetType, targetValue, oaFriendlyName, filters); + } else { + // if we get here, we have a natural person representing another natural person + String eIdentifier = getAttributeValue("eIdentifier", attributeList); + String givenName = getAttributeValue("givenName", attributeList); + String lastName = getAttributeValue("surname", attributeList); + String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); + + // gender attribute is mandatory here because of some legal stuff + String gender = getAttributeValue("gender", attributeList); + + if (!StringUtils.isEmpty(dateOfBirth)) + dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); + + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, + givenName, lastName, dateOfBirth, gender, citizenSignature, null, + null, mandate, targetType, targetValue, oaFriendlyName, filters); + } + } + // - according to stork spec + else if(hasAttribute("mandateContent", attributeList) || hasAttribute("representative", attributeList) || hasAttribute("represented", attributeList)) { // we have a representation case String representative = getAttributeValue("representative", attributeList); String represented = getAttributeValue("represented", attributeList); -- cgit v1.2.3 From eab3194053237391030f8c363ca072766e19faf9 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 20 Mar 2014 12:34:16 +0100 Subject: bpk --- .../main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 226d05520..603d924d8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -47,6 +47,7 @@ package at.gv.egovernment.moa.id.auth.builder; import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -171,11 +172,12 @@ public class BPKBuilder { } String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry; - + Logger.info("Building STORK identification from:" + basisbegriff); try { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); String hashBase64 = Base64Utils.encode(hash); + Logger.info("STORK identification defined as: " + hashBase64); return hashBase64; } catch (Exception ex) { throw new BuildException("builder.00", new Object[]{"storkid", ex.toString()}, ex); -- cgit v1.2.3 From 70e3ac3a5a76c430f453019eba72a1f291069913 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Thu, 20 Mar 2014 13:35:29 +0100 Subject: adjust bpk builder --- .../java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java | 7 ++++++- .../egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java | 4 +++- .../moa/id/protocols/stork2/StorkAttributeRequestProvider.java | 1 + 3 files changed, 10 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 603d924d8..866c5a923 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -170,9 +170,12 @@ public class BPKBuilder { new Object[]{"storkid", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry}); } + Logger.info("Building STORK identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]"); + String eIdentifier = sourceCountry+"/"+destinationCountry+"/"+identificationValue; + /* Commented - it is already done by BKU, we need only to add Stork values String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry; - Logger.info("Building STORK identification from:" + basisbegriff); + Logger.info("Building STORK identification from: [identValue]+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry); try { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); @@ -182,6 +185,8 @@ public class BPKBuilder { } catch (Exception ex) { throw new BuildException("builder.00", new Object[]{"storkid", ex.toString()}, ex); } + */ + return eIdentifier; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java index ba347c9e5..81ef5e408 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.builder; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; /** @@ -79,7 +80,7 @@ public class InfoboxReadRequestBuilder implements Constants { * @return <InfoboxReadRequest> as String */ public String build(boolean businessService, String identityLinkDomainIdentifier) { - + Logger.info("Building InfoBoxReadRequest"); String slPrefix; String slNsDeclaration; @@ -144,6 +145,7 @@ public class InfoboxReadRequestBuilder implements Constants { * */ public String buildStorkReadRequest(String identityLinkDomainIdentifier) { + Logger.info("Building Stork InfoBoxReadRequest for " + identityLinkDomainIdentifier); String slPrefix; String slNsDeclaration; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index b3d831b80..618311a28 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -162,3 +162,4 @@ public class StorkAttributeRequestProvider implements AttributeProvider { } } + -- cgit v1.2.3 From 2364aa253e1ea8e6d578450674028c6724cfbabc Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Mar 2014 15:27:15 +0100 Subject: fixed nullpointerex in SignedDocAPPlugin --- .../moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java index f629db5a4..43f6a5984 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java @@ -84,7 +84,7 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider { values.add(signResponse); Logger.debug("Assembling signedDoc attribute"); - PersonalAttribute signedDocAttribute = new PersonalAttribute(requestedAttribute.getName(), requestedAttribute.isRequired(), values, + PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values, "Available"); // pack and return the result -- cgit v1.2.3 From 97c4024c8ab745cdd5bd8126bb4af18f11387040 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Mar 2014 15:27:47 +0100 Subject: refactored velocityprovider location --- .../moa/id/auth/AuthenticationServer.java | 2 +- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 2 +- .../moa/id/auth/stork/VelocityProvider.java | 112 --------------------- .../id/protocols/pvp2x/binding/PostBinding.java | 15 +-- .../id/protocols/stork2/AttributeCollector.java | 2 +- .../moa/id/protocols/stork2/ConsentEvaluator.java | 2 +- .../stork2/MandateAttributeRequestProvider.java | 2 +- .../stork2/SignedDocAttributeRequestProvider.java | 2 +- .../stork2/StorkAttributeRequestProvider.java | 2 +- .../egovernment/moa/id/util/VelocityProvider.java | 112 +++++++++++++++++++++ 10 files changed, 121 insertions(+), 132 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityProvider.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 67a29f81a..306b0489d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -75,7 +75,6 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; -import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; @@ -104,6 +103,7 @@ import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 197e4cda7..fb0d4cd1b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -51,7 +51,6 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.stork.STORKException; import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; -import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -59,6 +58,7 @@ import at.gv.egovernment.moa.id.moduls.ModulUtils; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; import at.gv.util.xsd.xmldsig.SignatureType; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java deleted file mode 100644 index 534121443..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java +++ /dev/null @@ -1,112 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2011 by Graz University of Technology, Austria - * The Austrian STORK Modules have been developed by the E-Government - * Innovation Center EGIZ, a joint initiative of the Federal Chancellery - * Austria and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -/** - * - */ -package at.gv.egovernment.moa.id.auth.stork; - -import org.apache.velocity.app.VelocityEngine; -import org.apache.velocity.runtime.RuntimeConstants; - -/** - * Gets a Velocity Engine - * - * @author bzwattendorfer - * - */ -public class VelocityProvider { - - /** - * Gets velocityEngine from Classpath - * @return VelocityEngine - * @throws Exception - */ - public static VelocityEngine getClassPathVelocityEngine() throws Exception { - VelocityEngine velocityEngine = getBaseVelocityEngine(); - velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); - velocityEngine.setProperty("classpath.resource.loader.class", - "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); - - velocityEngine.init(); - - return velocityEngine; - } - - /** - * Gets VelocityEngine from File - * @param rootPath File Path to template file - * @return VelocityEngine - * @throws Exception - */ - public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception { - VelocityEngine velocityEngine = getBaseVelocityEngine(); - velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file"); - velocityEngine.setProperty("file.resource.loader.class", - "org.apache.velocity.runtime.resource.loader.FileResourceLoader"); - velocityEngine.setProperty("file.resource.loader.path", rootPath); - - velocityEngine.init(); - - return velocityEngine; - } - - /** - * Gets a basic VelocityEngine - * @return VelocityEngine - */ - private static VelocityEngine getBaseVelocityEngine() { - VelocityEngine velocityEngine = new VelocityEngine(); - velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); - velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, - "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); - - return velocityEngine; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index af29054e1..6bbbee302 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -26,7 +26,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.velocity.app.VelocityEngine; -import org.apache.velocity.runtime.RuntimeConstants; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.xml.SAMLConstants; @@ -49,6 +48,7 @@ import org.opensaml.xml.security.credential.Credential; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; public class PostBinding implements IDecoder, IEncoder { @@ -70,18 +70,7 @@ public class PostBinding implements IDecoder, IEncoder { Logger.debug("create SAML POSTBinding response"); - // VelocityEngine engine = - // VelocityProvider.getClassPathVelocityEngine(); - VelocityEngine engine = new VelocityEngine(); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); - engine.setProperty("classpath.resource.loader.class", - "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); - engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, - "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); - engine.init(); + VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); HTTPPostEncoder encoder = new HTTPPostEncoder(engine, "resources/templates/pvp_postbinding_template.html"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 4bf193e9e..31114a319 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -7,13 +7,13 @@ import java.util.List; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PEPSUtil; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index bcf086b56..9a3376e4c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -5,13 +5,13 @@ import java.util.ArrayList; import java.util.HashMap; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java index d3eded934..e691f87e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java @@ -2,9 +2,9 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; import eu.stork.peps.auth.commons.*; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java index 43f6a5984..01297c963 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java @@ -15,8 +15,8 @@ import org.apache.velocity.app.VelocityEngine; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index 618311a28..449fef1cb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -10,9 +10,9 @@ import org.apache.velocity.app.VelocityEngine; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityProvider.java new file mode 100644 index 000000000..231f36fa8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityProvider.java @@ -0,0 +1,112 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/** + * + */ +package at.gv.egovernment.moa.id.util; + +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; + +/** + * Gets a Velocity Engine + * + * @author bzwattendorfer + * + */ +public class VelocityProvider { + + /** + * Gets velocityEngine from Classpath + * @return VelocityEngine + * @throws Exception + */ + public static VelocityEngine getClassPathVelocityEngine() throws Exception { + VelocityEngine velocityEngine = getBaseVelocityEngine(); + velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + velocityEngine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + + velocityEngine.init(); + + return velocityEngine; + } + + /** + * Gets VelocityEngine from File + * @param rootPath File Path to template file + * @return VelocityEngine + * @throws Exception + */ + public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception { + VelocityEngine velocityEngine = getBaseVelocityEngine(); + velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file"); + velocityEngine.setProperty("file.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.FileResourceLoader"); + velocityEngine.setProperty("file.resource.loader.path", rootPath); + + velocityEngine.init(); + + return velocityEngine; + } + + /** + * Gets a basic VelocityEngine + * @return VelocityEngine + */ + private static VelocityEngine getBaseVelocityEngine() { + VelocityEngine velocityEngine = new VelocityEngine(); + velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, + "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); + + return velocityEngine; + } + +} -- cgit v1.2.3 From 185aa361aec65c967d2908f69db4abbe9d3d9b2e Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Mar 2014 18:32:14 +0100 Subject: introduced log4j logging system --- .../at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java | 1 - .../egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java | 1 - .../gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 1 - .../moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java | 1 - .../gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java | 3 --- .../moa/id/protocols/stork2/MandateAttributeRequestProvider.java | 2 -- .../egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java | 1 - .../java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java | 1 - .../moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java | 3 --- .../moa/id/protocols/stork2/StorkAttributeRequestProvider.java | 3 --- 10 files changed, 17 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 31114a319..1d9e31674 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -99,7 +99,6 @@ public class AttributeCollector implements IAction { * @throws MOAIDException */ public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { - Logger.setHierarchy("moa.id.protocols.stork2"); // check if there are attributes we need to fetch IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index 7fb7a7bc6..a339cff23 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -60,7 +60,6 @@ public class AttributeProviderFactory { */ public static List getConfiguredPlugins( List configuredAPs) { - Logger.setHierarchy("moa.id.protocols.stork2"); List result = new ArrayList(); for (AttributeProviderPlugin current : configuredAPs) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 88c0e889d..5e49fe413 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -39,7 +39,6 @@ public class AuthenticationRequest implements IAction { public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { - Logger.setHierarchy("moa.id.protocols.stork2"); this.moaSession = moasession; if (req instanceof MOASTORKRequest) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index f7d105ab8..a257474e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -71,7 +71,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { throw new UnsupportedAttributeException(); try { - Logger.setHierarchy("moa.id.protocols.stork2"); Logger.debug("initializing SOAP connections..."); // create SOAP connection SOAPConnection soapConnection = SOAPConnectionFactory.newInstance().createConnection(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index 44b140548..873ec1e26 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -43,7 +43,6 @@ public class MOAAttributeProvider { public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) { String storkAttribute = requestedAttribute.getName(); - Logger.setHierarchy("moa.id.protocols.stork2"); if (storkAttributeSimpleMapping.containsKey(storkAttribute)) { Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]"); try { @@ -70,7 +69,6 @@ public class MOAAttributeProvider { } private String geteIdentifier() { - Logger.setHierarchy("moa.id.protocols.stork2"); Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry()); try { return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkRequest.getStorkAuthnRequest().getSpCountry()); @@ -82,7 +80,6 @@ public class MOAAttributeProvider { private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) { - Logger.setHierarchy("moa.id.protocols.stork2"); try { String attributeValue = method.invoke(object, new Class[]{}).toString(); PersonalAttribute newAttribute = new PersonalAttribute(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java index e691f87e1..0e94600db 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java @@ -37,7 +37,6 @@ public class MandateAttributeRequestProvider implements AttributeProvider { private PersonalAttributeList requestedAttributes; public MandateAttributeRequestProvider(String aPurl, String supportedAttributes) throws MOAIDException { - Logger.setHierarchy("moa.id.protocols.stork2"); destination = aPurl; attributes = supportedAttributes; } @@ -64,7 +63,6 @@ public class MandateAttributeRequestProvider implements AttributeProvider { } public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { - Logger.setHierarchy("moa.id.protocols.stork2"); String spSector = "Business"; String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java index 4e99cc8aa..3bd1686b4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java @@ -14,7 +14,6 @@ import javax.servlet.http.HttpServletResponse; */ public class MandateRetrievalRequest implements IAction { public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { - Logger.setHierarchy("moa.id.protocols.stork2"); Logger.info("Entering mandateretrievalrequest"); return null; // } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index ec77109af..5b844580d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -58,7 +58,6 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { and other info are obtained, in the second step the request will be processed and the user redirected */ public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { - Logger.setHierarchy("moa.id.protocols.stork2"); Logger.info("Starting preprocessing for Stork2 protocol"); Logger.debug("Request method: " + request.getMethod()); Logger.debug("Request content length: " + request.getContentLength()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java index 01297c963..89eb07815 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java @@ -75,7 +75,6 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider { * .servlet.http.HttpServletRequest) */ public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException { - Logger.setHierarchy("moa.id.protocols.stork2"); Logger.debug("Beginning to extract OASIS-DSS response out of HTTP Request"); try { @@ -107,8 +106,6 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider { public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { - Logger.setHierarchy("moa.id.protocols.stork2"); - try { Logger.trace("Initialize VelocityEngine..."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index 449fef1cb..c0e613b82 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -73,7 +73,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider { */ public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException { - Logger.setHierarchy("moa.id.protocols.stork2"); Logger.info(this.getClass().getSimpleName() + " tries to extract SAMLResponse out of HTTP Request"); //extract STORK Response from HTTP Request @@ -107,8 +106,6 @@ public class StorkAttributeRequestProvider implements AttributeProvider { */ public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { - Logger.setHierarchy("moa.id.protocols.stork2"); - String spSector = "Business"; String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; -- cgit v1.2.3 From 05f8b895f82b67637e5758810139c30c29be9f1a Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 21 Mar 2014 08:34:53 +0100 Subject: refactored eHVD plugin to use jaxb --- .../stork2/EHvdAttributeProviderPlugin.java | 67 +++++++--------------- 1 file changed, 22 insertions(+), 45 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index a257474e3..5e9d9404c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -8,8 +8,8 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.namespace.QName; -import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.Marshaller; import javax.xml.soap.MessageFactory; import javax.xml.soap.SOAPBody; import javax.xml.soap.SOAPConnection; @@ -18,16 +18,6 @@ import javax.xml.soap.SOAPElement; import javax.xml.soap.SOAPEnvelope; import javax.xml.soap.SOAPMessage; import javax.xml.soap.SOAPPart; -import javax.xml.transform.Result; -import javax.xml.transform.Source; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; - -import org.w3c.dom.Document; -import org.w3c.dom.Element; - import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -36,6 +26,8 @@ import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.complex.attributes.IsHealthCareProfessionalType; +import eu.stork.peps.complex.attributes.ObjectFactory; /** * Fetches the attribute IsHealthcareProfessional from the BAGDAD SOAP service @@ -141,7 +133,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { SOAPElement resultElement = (SOAPElement) responseElement.getChildElements().next(); // collect all info in a map - Iterator it = resultElement.getChildElements(); + Iterator it = resultElement.getChildElements(); Map collection = new HashMap(); while (it.hasNext()) { SOAPElement current = (SOAPElement) it.next(); @@ -168,43 +160,29 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { acquiredAttribute = new PersonalAttribute("isHealthCareProfessional", false, new ArrayList(), "NotAvailable"); } else { // go on and parse the data + IsHealthCareProfessionalType result = new IsHealthCareProfessionalType(); + result.setNameOfOrganisation(collection.get("NameOfOrganisation")); - Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); - - // create the root element - Element root = doc.createElement("isHealthCareProfessional"); - doc.appendChild(root); - - Element orgname = doc.createElement("nameOfOrganisation"); - orgname.appendChild(doc.createTextNode(collection.get("NameOfOrganisation"))); - root.appendChild(orgname); - - Element type = doc.createElement("HCP"); - // TODO fix value mapping if (collection.get("Type").equals("Medical doctor")) - type.appendChild(doc.createTextNode("D")); - root.appendChild(type); + result.setHCPType("D"); + else + result.setHCPType("?"); - Element specialization = doc.createElement("specialisation"); if (collection.get("Specialization").contains("Arzt für Allgemeinmedizin")) - specialization.appendChild(doc.createTextNode("GP")); - root.appendChild(specialization); - - Element aqaa = doc.createElement("AQAA"); - aqaa.appendChild(doc.createTextNode("4")); - root.appendChild(aqaa); + result.setSpecialisation("GP"); + else + result.setSpecialisation("??"); - // get string from dom tree - Source source = new DOMSource(doc); - StringWriter out = new StringWriter(); - Result result = new StreamResult(out); - - TransformerFactory tFactory = TransformerFactory.newInstance(); - Transformer transformer = tFactory.newTransformer(); - transformer.transform(source, result); + result.setAQAA(4); + final Marshaller m = JAXBContext.newInstance(IsHealthCareProfessionalType.class).createMarshaller(); + m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); + + StringWriter stringWriter = new StringWriter(); + m.marshal(new ObjectFactory().createIsHealthCareProfessional(result), stringWriter); + ArrayList value = new ArrayList(); - value.add(out.toString()); + value.add(stringWriter.toString()); acquiredAttribute = new PersonalAttribute("isHealthCareProfessional", false, value, "Available"); } @@ -212,12 +190,11 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { // pack and return the result PersonalAttributeList result = new PersonalAttributeList(); result.add(acquiredAttribute); - + // add stork id for verification ArrayList value = new ArrayList(); value.add(new BPKBuilder().buildStorkbPK(moasession.getIdentityLink().getIdentificationValue(), spCountryCode)); result.add(new PersonalAttribute("eIdentifier", false, value, "Available")); - return result; } catch (Exception e) { -- cgit v1.2.3