From 864ec32bc1e902615c2af23341f55faeaa81a120 Mon Sep 17 00:00:00 2001
From: Bojan Suzic <bojan.suzic@iaik.tugraz.at>
Date: Thu, 17 Apr 2014 14:12:59 +0200
Subject: refactoring moastorkresponse

---
 .../id/protocols/stork2/AuthenticationRequest.java | 191 +++++++++++----------
 1 file changed, 104 insertions(+), 87 deletions(-)


diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index efa77577e..dc30e4e12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -25,6 +25,7 @@ import org.w3c.dom.NamedNodeMap;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
 import java.io.StringWriter;
 import java.security.NoSuchAlgorithmException;
 
@@ -48,6 +49,11 @@ public class AuthenticationRequest implements IAction {
 
         this.moaSession = moasession;
 
+        Logger.info("CPEPS " + AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS("SI").getPepsURL().toString());
+
+
+        //AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().
+
         if ((req instanceof MOASTORKRequest) && !((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) {
 
             this.moaStorkRequest = (MOASTORKRequest) req;
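Review bot: The added `Logger.info("CPEPS " + ...getStorkConfig().getCPEPS("SI").getPepsURL().toString())` line runs unconditionally before the `instanceof` dispatch, so a deployment with no C-PEPS entry for "SI" fails every request with a NullPointerException from that chain rather than reaching the `stork.15` error path. Together with the commented-out `getCpepsMap()` line beneath it, this reads as a debugging leftover; the hardcoded "SI" also duplicates the literal already used in the `getCitizenCountryCode().equals("SI")` check two lines later. If the log line is meant to stay, drop it to debug level and guard it, e.g. `if (Logger.isDebugEnabled()) { ... }` around a lookup that tolerates a missing entry, or remove it together with the dead comment. The enclosing method starts before this hunk.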
@@ -155,36 +161,37 @@ public class AuthenticationRequest implements IAction {
 
 
             // preparing redirection for the client
+
+            //STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest();
+
             try {
-                VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-                Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
-                VelocityContext context = new VelocityContext();
+                //Get SAMLEngine instance
+                STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+                Logger.debug("Starting generation of SAML request");
+                storkAuthnRequest = engine.generateSTORKAuthnRequest(storkAuthnRequest);
 
-                //STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest();
+                //generateSAML Token
+                Logger.info("SAML response succesfully generated!");
+            } catch (STORKSAMLEngineException e) {
+                Logger.error("Failed to generate STORK SAML Response", e);
+                throw new MOAIDException("stork.05", null);
+            }
 
-                try {
-                    //Get SAMLEngine instance
-                    STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-                    Logger.debug("Starting generation of SAML request");
-                    storkAuthnRequest = engine.generateSTORKAuthnRequest(storkAuthnRequest);
-
-                    //generateSAML Token
-                    Logger.info("SAML response succesfully generated!");
-                } catch (STORKSAMLEngineException e) {
-                    Logger.error("Failed to generate STORK SAML Response", e);
-                    throw new MOAIDException("stork.05", null);
-                }
 
+            // store original request from sp in order to be able to extract it in later iteration/response
+            try {
+                AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), originalRequest);
+                Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request");
+            } catch (MOADatabaseException e) {
+                e.printStackTrace();
+            }
 
-                // store original request from sp in order to be able to extract it in later iteration/response
-                try {
-                    AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), originalRequest);
-                    Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request");
-                } catch (MOADatabaseException e) {
-                    e.printStackTrace();
-                }
+            byte[] blob;
+            try {
 
-                byte[] blob;
+                VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+                Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+                VelocityContext context = new VelocityContext();
                 blob = storkAuthnRequest.getTokenSaml();
 
                 context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(blob));
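Review bot: The `catch (MOADatabaseException e) { e.printStackTrace(); }` around `AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), originalRequest)` swallows the storage failure and the code goes on to render and send the SAML request to the PEPS, even though the response path (in this same commit) looks the SP request up by that `samlId` and throws `stork.15` when it is absent. Failing here instead is cheaper and gives the user a meaningful error rather than an unexplained failure on return, so mirror the response side: `Logger.error("Could not store SP request for " + storkAuthnRequest.getSamlId(), e); throw new MOAIDException("stork.15", null);`. `printStackTrace()` also bypasses the `Logger` the rest of the class uses. The enclosing method starts and ends outside this hunk.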
@@ -209,91 +216,101 @@ public class AuthenticationRequest implements IAction {
             }
             return "xxxx";// TODO
 
-        } // check if we got the response from peps, if so then process it and forward to sp
-        else if ((req instanceof MOASTORKResponse)) {
-
-            MOASTORKResponse moastorkResponse = (MOASTORKResponse) req;
-
-
-            STORKAuthnResponse authnResponse = null;
-            // check if valid authn request is contained
+        } else if ((req instanceof MOASTORKResponse)) {
+            // Check if we got the response from PEPS
+            // If so then process it and forward to SP
 
-            //Get SAMLEngine instance
-            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-
-            try {
-                authnResponse = engine.validateSTORKAuthnResponse(moastorkResponse.getSTORKAuthnResponseToken(), httpReq.getRemoteAddr());
-            } catch (STORKSAMLEngineException ex) {
-                Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage());
-            }
+            return handleMOAStorkResponse("VIDP", (MOASTORKResponse) req, httpReq.getRemoteAddr(), httpResp);
+        } else {
+            Logger.error("Could not recognize request.");
+            throw new MOAIDException("stork.15", null);
+        }
+    }
 
-            Logger.info("Requesting artifactId " + authnResponse.getInResponseTo() + " from store.");
+    /*
+    Handles STORKAuthnResponse received from PEPS (return to SP)
+     */
+    private String handleMOAStorkResponse(String instanceName, MOASTORKResponse moastorkResponse, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
 
-            DataContainer dataContainer = null;
+        STORKAuthnResponse authnResponse = null;
 
-            try {
-                dataContainer = AssertionStorage.getInstance().get(authnResponse.getInResponseTo(), DataContainer.class);
-            } catch (MOADatabaseException e) {
-                e.printStackTrace();
-            }
+        //Get SAMLEngine instance
+        STORKSAMLEngine engine = STORKSAMLEngine.getInstance(instanceName);
 
-            authnResponse.setInResponseTo(dataContainer.getRequest().getStorkAuthnRequest().getSamlId());
-            authnResponse.setAudienceRestriction(dataContainer.getRequest().getAssertionConsumerServiceURL());
+        try {
+            authnResponse = engine.validateSTORKAuthnResponse(moastorkResponse.getSTORKAuthnResponseToken(), remoteAddr);
+        } catch (STORKSAMLEngineException ex) {
+            Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage());
+            throw new MOAIDException("stork.15", null); // TODO
+        }
 
+        Logger.debug("Requesting artifactId " + authnResponse.getInResponseTo() + " from store.");
 
-            try {
-                //Get SAMLEngine instance
-                STORKSAMLEngine engine2 = STORKSAMLEngine.getInstance("VIDP");
-                Logger.debug("Starting generation of SAML response");
+        DataContainer dataContainer = null;
+        try {
+            dataContainer = AssertionStorage.getInstance().get(authnResponse.getInResponseTo(), DataContainer.class);
+        } catch (MOADatabaseException e) {
+            Logger.error("Unable to retrieve datacontainer with reference authentication request. Database exception.");
+            throw new MOAIDException("stork.15", null); // TODO
+        }
 
-                authnResponse = engine2.generateSTORKAuthnResponse(dataContainer.getRequest().getStorkAuthnRequest(), authnResponse, httpReq.getRemoteAddr(), false);
+        // setting new reference request and return url
+        authnResponse.setInResponseTo(dataContainer.getRequest().getStorkAuthnRequest().getSamlId());
+        authnResponse.setAudienceRestriction(dataContainer.getRequest().getAssertionConsumerServiceURL());
 
-                //generateSAML Token
-                Logger.info("SAML response succesfully generated!");
-            } catch (STORKSAMLEngineException e) {
-                Logger.error("Failed to generate STORK SAML Response", e);
-                throw new MOAIDException("stork.05", null);
-            }
+        Logger.debug("Starting generation of SAML response");
+        try {
+            authnResponse = engine.generateSTORKAuthnResponse(dataContainer.getRequest().getStorkAuthnRequest(), authnResponse, remoteAddr, false);
+        } catch (STORKSAMLEngineException e) {
+            Logger.error("Failed to generate STORK SAML Response", e);
+            throw new MOAIDException("stork.05", null);        // TODO check
+        }
 
-            // preparing redirection for the client
-            try {
-                VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-                Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
-                VelocityContext context = new VelocityContext();
+        Logger.info("SAML response succesfully generated.");
 
-                byte[] blob;
-                blob = authnResponse.getTokenSaml();
+        // preparing redirection for the client
+        performRedirection("SAMLResponse", dataContainer.getRequest().getAssertionConsumerServiceURL(), authnResponse.getTokenSaml(), httpResp);
+        return "yyyyy"; // TODO
+    }
 
-                context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob));
-                Logger.debug("SAMLResponse original: " + new String(blob));
+    /*
+    Perform redirection of the client based on post binding
+     */
+    private void performRedirection(String actionType, String assertionConsumerURL, byte[] tokenSaml, HttpServletResponse httpResp) throws MOAIDException {
+        Logger.info("Performing redirection, using action type: " + actionType);
 
-                Logger.debug("Putting assertion consumer url as action: " + dataContainer.getRequest().getAssertionConsumerServiceURL());
-                context.put("action", dataContainer.getRequest().getAssertionConsumerServiceURL());
+        try {
+            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+            VelocityContext context = new VelocityContext();
 
-                Logger.debug("Starting template merge");
-                StringWriter writer = new StringWriter();
+            context.put(actionType, PEPSUtil.encodeSAMLToken(tokenSaml));
+            Logger.debug("Encoded " + actionType + " original: " + new String(tokenSaml));
 
-                Logger.debug("Doing template merge");
-                template.merge(context, writer);
-                Logger.debug("Template merge done");
+            Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL);
+            context.put("action", assertionConsumerURL);
 
-                Logger.debug("Sending html content: " + writer.getBuffer().toString());
-                Logger.debug("Sending html content2  : " + new String(writer.getBuffer()));
+            Logger.debug("Starting template merge");
+            StringWriter writer = new StringWriter();
 
-                httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+            Logger.debug("Doing template merge");
+            template.merge(context, writer);
+            Logger.debug("Template merge done");
 
-            } catch (Exception e) {
-                Logger.error("Velocity error: " + e.getMessage());
-            }
+            Logger.debug("Sending html content: " + writer.getBuffer().toString());
+            Logger.debug("Sending html content2  : " + new String(writer.getBuffer()));
 
+            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
 
-            return "yyyyy"; // TODO
-        } else {
-            Logger.error("Could not recognize request.");
-            throw new MOAIDException("stork.15", null);
+        } catch (IOException e) {
+            Logger.error("Velocity IO error: " + e.getMessage());
+            throw new MOAIDException("stork.15", null); // TODO
+        } catch (Exception e) {
+            Logger.error("Velocity general error: " + e.getMessage());
+            throw new MOAIDException("stork.15", null); // TODO
         }
-    }
 
+    }
 
     public void generatePEPSRedirect(HttpServletResponse httpResp, DataContainer container) throws MOAIDException {
         MOASTORKRequest request = container.getRequest();
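Review bot: In `performRedirection`, `httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes())` encodes the rendered HTML with the platform default charset and sets no content type, so the browser may decode the SAML token or the `action` URL differently from how the template produced it; use `writer.getBuffer().toString().getBytes(StandardCharsets.UTF_8)` and set `httpResp.setContentType("text/html; charset=UTF-8")` before writing (the `new String(tokenSaml)` in the debug log has the same default-charset issue). The assertion consumer URL is placed into the template as `action` without any escaping here, so unless `stork2_postbinding_template.html` escapes `$action` itself, a value containing quotes or angle brackets would break out of the attribute — a one-line comment stating which side is responsible for escaping would remove the ambiguity. The two debug statements that log the full decoded SAML token and the complete HTML page should be considered for removal or reduction, since they put the whole assertion into the log file at debug level. The two new private methods use `/* ... */` block comments where the class otherwise has Javadoc; `/** Handles the STORKAuthnResponse received from the PEPS and returns it to the SP. */` with `@param`/`@throws MOAIDException` would match. The hunk ends in `generatePEPSRedirect`, whose body continues outside it.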
-- 