From 36fccc971da91b5bfa0eb2adbee2c086e2ac3862 Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Wed, 26 Jun 2013 09:53:54 +0200 Subject: PVP2 Mandates prof rep done --- .../protocols/pvp2x/binding/ArtifactBinding.java | 4 +- .../id/protocols/pvp2x/binding/SoapBinding.java | 5 -- .../pvp2x/builder/PVPAttributeBuilder.java | 2 + .../MandateFullMandateAttributeBuilder.java | 48 ++++++++++++++++ .../MandateProfRepDescAttributeBuilder.java | 17 +++--- .../MandateProfRepOIDAttributeBuilder.java | 18 +++--- .../pvp2x/exceptions/RequestDeniedException.java | 17 ++++++ .../pvp2x/requestHandler/ArtifactResolution.java | 39 ++++++++----- .../pvp2x/requestHandler/RequestManager.java | 1 + .../protocols/pvp2x/utils/AttributeExtractor.java | 66 ++++++++++++++++++++++ .../resources/properties/id_messages_de.properties | 3 +- 11 files changed, 185 insertions(+), 35 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java (limited to 'id/server/idserverlib/src') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java index e9d802e17..1d51d91f1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java @@ -7,6 +7,7 @@ import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder; import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.StatusResponseType; @@ -61,11 +62,10 @@ public class ArtifactBinding implements IDecoder, IEncoder { BasicSAMLMessageContext context = new BasicSAMLMessageContext(); SingleSignOnService service = new SingleSignOnServiceBuilder() .buildObject(); - service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"); + service.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI); service.setLocation(targetLocation); context.setOutboundSAMLMessageSigningCredential(credentials); context.setPeerEntityEndpoint(service); - // context.setOutboundMessage(authReq); context.setOutboundSAMLMessage(response); context.setOutboundMessageTransport(responseAdapter); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java index 0820b5d4f..04ec3eaee 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -73,12 +73,7 @@ public class SoapBinding implements IDecoder, IEncoder { HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( resp, true); BasicSAMLMessageContext context = new BasicSAMLMessageContext(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); - service.setLocation(targetLocation); context.setOutboundSAMLMessageSigningCredential(credentials); - context.setPeerEntityEndpoint(service); context.setOutboundSAMLMessage(response); context.setOutboundMessageTransport(responseAdapter); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java index 8bdfe3e5d..1962d1c7b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java @@ -15,6 +15,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNat import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateFullMandateAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; @@ -63,6 +64,7 @@ public class PVPAttributeBuilder { addBuilder(new MandateProfRepOIDAttributeBuilder()); addBuilder(new MandateProfRepDescAttributeBuilder()); addBuilder(new MandateReferenceValueAttributeBuilder()); + addBuilder(new MandateFullMandateAttributeBuilder()); } public static Attribute buildAttribute(String name, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java new file mode 100644 index 000000000..9e51f97ae --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import java.io.IOException; + +import javax.xml.transform.TransformerException; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; + +public class MandateFullMandateAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_FULL_MANDATE_NAME; + } + + public Attribute build(AuthenticationSession authSession) + throws PVP2Exception { + if (authSession.getUseMandate()) { + if (authSession.getMandate() != null) { + String fullMandate; + try { + fullMandate = DOMUtils.serializeNode(authSession + .getMandate()); + return buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, + MANDATE_FULL_MANDATE_NAME, fullMandate); + } catch (TransformerException e) { + Logger.error("Failed to generate Full Mandate", e); + } catch (IOException e) { + Logger.error("Failed to generate Full Mandate", e); + } + } + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, + MANDATE_FULL_MANDATE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java index 8588b6424..6a066874a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java @@ -3,11 +3,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; -import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder { @@ -21,14 +21,17 @@ public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder { if(mandate == null) { throw new NoMandateDataAvailableException(); } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + + String text = AttributeExtractor.extractSAMLAttributeOA( + ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, + authSession); + + if(text == null) { + return null; } - //TODO: extract PROF REP DESCRIPTION return buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, - MANDATE_PROF_REP_DESC_NAME, "TODO"); + MANDATE_PROF_REP_DESC_NAME, text); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java index 9f655761b..ddc7f6671 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java @@ -3,11 +3,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; -import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder { @@ -21,14 +21,17 @@ public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder { if(mandate == null) { throw new NoMandateDataAvailableException(); } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + + String oid = AttributeExtractor.extractSAMLAttributeOA( + ParepValidator.EXT_SAML_MANDATE_OID, + authSession); + + if(oid == null) { + return null; } - //TODO: extract PROF REP OID return buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, - MANDATE_PROF_REP_OID_NAME, "TODO"); + MANDATE_PROF_REP_OID_NAME, oid); } return null; @@ -40,3 +43,4 @@ public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder { MANDATE_PROF_REP_OID_NAME); } } + \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java new file mode 100644 index 000000000..61c41d82b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class RequestDeniedException extends PVP2Exception { + + public RequestDeniedException() { + super("pvp2.14", null); + this.statusCodeValue = StatusCode.REQUEST_DENIED_URI; + } + + /** + * + */ + private static final long serialVersionUID = 4415896615794730553L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java index 3d2bd33b0..c18296383 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java @@ -8,9 +8,13 @@ import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry import org.opensaml.saml2.core.ArtifactResolve; import org.opensaml.saml2.core.ArtifactResponse; +import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; public class ArtifactResolution implements IRequestHandler { @@ -19,24 +23,33 @@ public class ArtifactResolution implements IRequestHandler { } public void process(MOARequest obj, HttpServletRequest req, - HttpServletResponse resp) { - if(!handleObject(obj)) { - // TODO: throw exception - return; + HttpServletResponse resp) throws MOAIDException { + if (!handleObject(obj)) { + throw new MOAIDException("pvp2.13", null); } - - ArtifactResolve artifactResolve = (ArtifactResolve)obj.getSamlRequest(); + + ArtifactResolve artifactResolve = (ArtifactResolve) obj + .getSamlRequest(); String artifactID = artifactResolve.getArtifact().getArtifact(); - + PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance(); - if(!pvpAssertion.contains(artifactID)) { - // TODO: send not found ... + + if (!pvpAssertion.contains(artifactID)) { + throw new RequestDeniedException(); } else { - SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID); - ArtifactResponse response = SAML2Utils.createSAMLObject(ArtifactResponse.class); - response.setMessage(assertion.getSamlMessage()); - response.setIssueInstant(new DateTime()); + try { + SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID); + ArtifactResponse response = SAML2Utils + .createSAMLObject(ArtifactResponse.class); + response.setMessage(assertion.getSamlMessage()); + response.setIssueInstant(new DateTime()); + SoapBinding encoder = new SoapBinding(); + encoder.encodeRespone(req, resp, response, null); + } catch (Exception e) { + Logger.error("Failed to resolve artifact", e); + } } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java index 29c960dd6..9121f7558 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java @@ -27,6 +27,7 @@ public class RequestManager { private RequestManager() { handler = new ArrayList(); handler.add(new AuthnRequestHandler()); + handler.add(new ArtifactResolution()); } public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java new file mode 100644 index 000000000..a59fc17c5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java @@ -0,0 +1,66 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.util.Iterator; +import java.util.List; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; + +public class AttributeExtractor { + + public static String extractSAMLAttributeOA(String name, + AuthenticationSession authSession) { + List extAttributes = authSession.getExtendedSAMLAttributesOA(); + if(extAttributes == null) { + return null; + } + Iterator extAttributesIt = extAttributes.iterator(); + String value = null; + while(extAttributesIt.hasNext()) { + Object attr = extAttributesIt.next(); + if(attr instanceof ExtendedSAMLAttribute) { + ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr; + if(extAttribute.getName().equals(name)) { + if(extAttribute.getValue() instanceof String) { + return extAttribute.getValue().toString(); + } + break; + } + } + } + return null; + } + + public static String extractSAMLAttributeAUTH(String name, + AuthenticationSession authSession) { + List extAttributes = authSession.getExtendedSAMLAttributesAUTH(); + if(extAttributes == null) { + return null; + } + Iterator extAttributesIt = extAttributes.iterator(); + String value = null; + while(extAttributesIt.hasNext()) { + Object attr = extAttributesIt.next(); + if(attr instanceof ExtendedSAMLAttribute) { + ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr; + if(extAttribute.getName().equals(name)) { + if(extAttribute.getValue() instanceof String) { + return extAttribute.getValue().toString(); + } + break; + } + } + } + return null; + } + + public static String extractSAMLAttributeBOTH(String name, + AuthenticationSession authSession) { + String value = extractSAMLAttributeOA(name, authSession); + if(value == null) { + value = extractSAMLAttributeAUTH(name, authSession); + } + return value; + } +} diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index aa0418e77..369cbd5b6 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -199,4 +199,5 @@ pvp2.09=SAML Anfrage wird nicht unterstuetzt pvp2.10=Attribut {0} nicht verfuegbar pvp2.11=Binding {0} wird nicht unterstuetzt pvp2.12=NameID Format {0} wird nicht unterstuetzt -pvp2.13=Interner Server Fehler \ No newline at end of file +pvp2.13=Interner Server Fehler +pvp2.14=SAML Anfrage verweigert \ No newline at end of file -- cgit v1.2.3