From c900f870b2e64c2e25820b8162d8f0444c0dc7d4 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Mon, 3 Mar 2014 16:03:08 +0100 Subject: aatributes --- .../id/protocols/stork2/AuthenticationRequest.java | 112 +++++++++++---------- .../stork2/DemoNoRedirectAttributeProvider.java | 3 - .../stork2/DemoRedirectAttributeProvider.java | 3 - .../id/protocols/stork2/MISAttributeProvider.java | 27 +++++ .../moa/id/protocols/stork2/MOASTORKRequest.java | 15 ++- .../moa/id/protocols/stork2/STORKProtocol.java | 22 ++-- .../resources/properties/id_messages_de.properties | 2 + 7 files changed, 110 insertions(+), 74 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java (limited to 'id/server/idserverlib/src') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 91326a51d..d33b33c77 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -33,88 +33,96 @@ public class AuthenticationRequest implements IAction { private VelocityEngine velocityEngine; - private AuthenticationSession moaSession; - private MOASTORKRequest moaStorkRequest; + private AuthenticationSession moaSession = null; + private MOASTORKRequest moaStorkRequest = null; public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { this.moaSession = moasession; - this.moaStorkRequest = (MOASTORKRequest) req; - if (moasession.getUseMandate()) { - try { - MISMandate mandate = moasession.getMISMandate(); - String owbpk = mandate.getOWbPK(); - byte[] mand = mandate.getMandate(); - String profprep = mandate.getProfRep(); - //String textdesc = mandate.getTextualDescriptionOfOID(); - Element mndt = moasession.getMandate(); - - iterate(mndt.getAttributes()); - Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); - } catch (Exception x) { - Logger.debug("There is no mandate used in transaction"); + if (req instanceof MOASTORKRequest) { + + this.moaStorkRequest = (MOASTORKRequest) req; + + + if (moasession.getUseMandate()) { + try { + MISMandate mandate = moasession.getMISMandate(); + String owbpk = mandate.getOWbPK(); + byte[] mand = mandate.getMandate(); + String profprep = mandate.getProfRep(); + //String textdesc = mandate.getTextualDescriptionOfOID(); + Element mndt = moasession.getMandate(); + + iterate(mndt.getAttributes()); + Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); + } catch (Exception x) { + Logger.debug("There is no mandate used in transaction"); + } } - } - Logger.debug("Starting AuthenticationRequest"); - httpResp.reset(); + Logger.debug("Starting AuthenticationRequest"); + httpResp.reset(); - STORKAuthnResponse authnResponse = new STORKAuthnResponse(); - authnResponse.setCountry(((MOASTORKRequest) req).getStorkAuthnRequest().getSpCountry()); + STORKAuthnResponse authnResponse = new STORKAuthnResponse(); + authnResponse.setCountry(moaStorkRequest.getStorkAuthnRequest().getSpCountry()); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); - // Prepare basic AT attributes - try { - IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); - Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); + // Prepare basic AT attributes + try { + IPersonalAttributeList moaAttrList = moasession.getStorkAttributes(); + Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); - for (PersonalAttribute personalAttribute : moaAttrList) { - Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); - if (personalAttribute.getValue().size() > 0) { - for (String value : personalAttribute.getValue()) { - Logger.info(" Value found: " + value); + for (PersonalAttribute personalAttribute : moaAttrList) { + Logger.info("Personal attribute found: " + personalAttribute.getName() + personalAttribute.getStatus()); + if (personalAttribute.getValue().size() > 0) { + for (String value : personalAttribute.getValue()) { + Logger.info(" Value found: " + value); + } } } - } - } catch (Exception e) { - Logger.error("Exception, attributes: " + e.getMessage()); - } + } catch (Exception e) { + Logger.error("Exception, attributes: " + e.getMessage()); + } - // Get personal attributtes from MOA/IdentityLink - authnResponse.setPersonalAttributeList(populateAttributes()); + // Get personal attributtes from MOA/IdentityLink + authnResponse.setPersonalAttributeList(populateAttributes()); - // Prepare extended attributes - Logger.debug("Preparing data container"); + // Prepare extended attributes + Logger.debug("Preparing data container"); - // create fresh container - DataContainer container = new DataContainer(); + // create fresh container + DataContainer container = new DataContainer(); - // - fill in the request we extracted above - container.setRequest(((MOASTORKRequest) req).getStorkAuthnRequest()); + // - fill in the request we extracted above + container.setRequest(moaStorkRequest.getStorkAuthnRequest()); - // - fill in the partial response created above - container.setResponse(authnResponse); + // - fill in the partial response created above + container.setResponse(authnResponse); - // - memorize the target url were we have to return the result - container.setTarget(((MOASTORKRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + // - memorize the target url were we have to return the result + container.setTarget(moaStorkRequest.getStorkAuthnRequest().getAssertionConsumerServiceURL()); - container.setRemoteAddress(httpReq.getRemoteAddr()); + container.setRemoteAddress(httpReq.getRemoteAddr()); - Logger.debug("Data container prepared"); + Logger.debug("Data container prepared"); - return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); + return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); + } else { + Logger.error("Could not recognize request."); + throw new MOAIDException("stork.15", null); + } } public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java index 669a9389b..9c0869d97 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java @@ -20,7 +20,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ - @Override public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession) throws UnsupportedAttributeException { PersonalAttributeList requestedAttributes = new PersonalAttributeList(1); @@ -31,7 +30,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ - @Override public IPersonalAttributeList parse(HttpServletRequest httpReq) { // TODO Auto-generated method stub return null; @@ -40,7 +38,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) { // we should not get here diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java index 2f6b69075..26fc00406 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java @@ -20,7 +20,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ - @Override public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { throw new ExternalAttributeRequestRequiredException(this); @@ -29,7 +28,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) */ - @Override public IPersonalAttributeList parse(HttpServletRequest httpReq) { PersonalAttributeList requestedAttributes = new PersonalAttributeList(1); requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList(), "")); @@ -39,7 +37,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) { // we should not get here diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java new file mode 100644 index 000000000..7665bb239 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java @@ -0,0 +1,27 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Implements Attribute Provider for Mandates + */ +public class MISAttributeProvider implements AttributeProvider { + public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + return null; // + } + + public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { + // + } + + public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { + return null; // + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index 8c7fd8706..1776d958c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -1,11 +1,13 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.commons.STORKAuthnRequest; /** - * Implements MOA request and stores StorkAuthnRequest related data + * Implements MOA request and stores StorkAuthn/Attr-Request related data * * @author bsuzic */ @@ -32,7 +34,6 @@ public class MOASTORKRequest implements IRequest { if (request != null) { isAttrRequest = true; } - } public boolean isAttrRequest() { @@ -49,8 +50,14 @@ public class MOASTORKRequest implements IRequest { } public String getOAURL() { - - return storkAuthnRequest.getAssertionConsumerServiceURL(); + if (isAuthnRequest) + return storkAuthnRequest.getAssertionConsumerServiceURL(); + else if (isAttrRequest) + return storkAttrQueryRequest.getAssertionConsumerServiceURL(); + else { + Logger.error("There is no authentication or attribute request contained in MOASTORKRequest."); + return null; + } } public boolean isPassiv() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 3b9a5bc29..e68b66510 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -6,9 +6,7 @@ import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; -import eu.stork.peps.auth.commons.PEPSUtil; -import eu.stork.peps.auth.commons.STORKAttrQueryRequest; -import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.*; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.opensaml.common.binding.BasicSAMLMessageContext; @@ -93,14 +91,15 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { } //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming"); + STORKSAMLEngine authnEngine = STORKSAMLEngine.getInstance("incoming"); + STORKSAMLEngine attrEngine = STORKSAMLEngine.getInstance("incoming_attr"); STORKAuthnRequest authnRequest = null; STORKAttrQueryRequest attrRequest = null; // check if valid authn request is contained try { - authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); + authnRequest = authnEngine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); } @@ -108,17 +107,16 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { // check if a valid attr request is container try { - attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken); + attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); } - - Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL()); - Logger.error("cc " + authnRequest.getCitizenCountryCode()); - Logger.error("iss " + authnRequest.getIssuer()); - Logger.error("spid " + authnRequest.getSPID()); - Logger.error("spi " + authnRequest.getSpInstitution()); + // if there is no authn or attr request, raise error + if ((authnRequest == null) && (attrRequest == null)) { + Logger.error("There is no authentication or attribute request contained."); + throw new MOAIDException("stork.14", null); + } STORK2Request.setSTORKAuthnRequest(authnRequest); STORK2Request.setSTORKAttrRequest(attrRequest); diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 4007eacdc..99d5d7612 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -208,6 +208,8 @@ stork.10=Fehler in der Verbindung zum SZR-Gateway stork.11=Fehler beim Sammeln von StorkAttributen stork.12=Konnte keine VIDP Konfiguration finden stork.13=Fehler beim Sammeln eines Attributes in einem AttributProviderPlugin +stork.14=Es wurde weder Authentifizierungs/ noch Attributerequest empfangen +stork.15=Unbekannte request. pvp2.00={0} ist kein gueltiger consumer service index pvp2.01=Fehler beim kodieren der PVP2 Antwort -- cgit v1.2.3