From a8a923ddda874437efb87c9fdecfb65dd722fed0 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Fri, 15 Jan 2016 15:24:19 +0100
Subject: moa can do outbound eidas

---
 .../id/protocols/eidas/AuthenticationRequest.java  | 116 ++++++++++++++++++++-
 .../moa/id/protocols/eidas/EIDASData.java          |  63 ++++++++++-
 .../moa/id/protocols/eidas/EIDASProtocol.java      |  18 +++-
 3 files changed, 192 insertions(+), 5 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index 3144d08e8..6adefdb86 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -22,14 +22,45 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.eidas;
 
+import java.io.StringWriter;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.Map.Entry;
+
+import iaik.pkcs.pkcs11.objects.Object;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.springframework.format.datetime.DateFormatter;
+
+import eu.eidas.auth.commons.EIDASAuthnResponse;
+import eu.eidas.auth.commons.EIDASStatusCode;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.eidas.EidasAttributesTypes;
+import eu.eidas.auth.engine.core.eidas.EidasConstants;
+import eu.eidas.auth.engine.metadata.MetadataUtil;
+import eu.stork.peps.auth.commons.PEPSUtil;
+
 
 /**
  * Second request step - after authentication of the user is done and moasession obtained,
@@ -42,7 +73,90 @@ public class AuthenticationRequest implements IAction {
 
 	@Override
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
-		// TODO Auto-generated method stub
+		EIDASData eidasRequest;
+		if(req instanceof EIDASData)
+			eidasRequest = (EIDASData) req;
+		else
+			throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
+		
+		
+		// gather attributes
+		MOAPersonalAttributeList resultingAttributeList = (MOAPersonalAttributeList) eidasRequest.getEidasRequestedAttributes().clone();
+		
+		for(Entry<String, PersonalAttribute> current : resultingAttributeList.entrySet()) {
+			String newValue = "";
+			
+			switch(current.getKey()) {
+			case "DateOfBirth": newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
+			case "CurrentFamilyName": newValue = authData.getFamilyName();break;
+			case "CurrentGivenName": newValue = authData.getGivenName();break;
+			case "PersonIdentifier": newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
+                    eidasRequest.getTarget()); break;
+			}
+			
+			if("".equals(newValue))
+				current.getValue().setStatus(EIDASStatusCode.STATUS_NOT_AVAILABLE.toString());
+			else {
+				current.getValue().getValue().clear();
+				current.getValue().getValue().add(newValue);
+				current.getValue().setStatus(EIDASStatusCode.STATUS_AVAILABLE.toString());
+			}
+		}
+		
+		// construct eIDaS response
+		EIDASAuthnResponse response = new EIDASAuthnResponse();
+		response.setPersonalAttributeList(resultingAttributeList);
+		response.setIssuer("http://localhost:12344/moa-id-auth/eidas/metadata");
+		response.setAssuranceLevel(authData.getEIDASQAALevel());
+		
+		String token = null;
+		try {
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			
+			// check if we have the destination available, supply it if not
+			if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
+				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
+						new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()), 
+						engine, 
+						eidasRequest.getEidasRequest());
+				eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+			}
+			
+			response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
+
+			
+			token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
+		} catch(Exception e) {
+			e.printStackTrace();
+		}
+		
+		// send the response
+        try {
+            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+            VelocityContext context = new VelocityContext();
+            
+            context.put("SAMLResponse", token);
+            Logger.debug("SAMLResponse original: " + token);
+
+            Logger.debug("Putting assertion consumer url as action: " + eidasRequest.getEidasRequest().getAssertionConsumerServiceURL());
+            context.put("action", eidasRequest.getEidasRequest().getAssertionConsumerServiceURL());
+            Logger.trace("Starting template merge");
+            StringWriter writer = new StringWriter();
+
+            Logger.trace("Doing template merge");
+            template.merge(context, writer);
+            Logger.trace("Template merge done");
+
+            Logger.trace("Sending html content: " + writer.getBuffer().toString());
+            Logger.trace("Sending html content2  : " + new String(writer.getBuffer()));
+
+            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+
+        } catch (Exception e) {
+            Logger.error("Velocity error: " + e.getMessage());
+        }
+		
 		return null;
 	}
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 6f9a04e28..0bedf0432 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -4,10 +4,11 @@ import java.util.List;
 
 import org.opensaml.saml2.core.Attribute;
 
+import eu.eidas.auth.commons.EIDASAuthnRequest;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 
-public class EIDASRequest extends RequestImpl {
+public class EIDASData extends RequestImpl {
 
 	/** The Constant serialVersionUID. */
 	private static final long serialVersionUID = 8765755670214923910L;
@@ -15,9 +16,69 @@ public class EIDASRequest extends RequestImpl {
 	/** The attributes requested by the eIDaS. */
 	private MOAPersonalAttributeList attributes;
 
+	/** The incoming eIDaS SAML2 AuthnRequest. */
+	private EIDASAuthnRequest authnRequest;
+
+	/** The ip address of the requester. */
+	private String remoteIPAddress;
+
 	@Override
 	public List<Attribute> getRequestedAttributes() {
 		// TODO Auto-generated method stub
 		return null;
 	}
+	
+	/**
+	 * Gets the eidas requested attributes.
+	 *
+	 * @return the requested attributes
+	 */
+	public MOAPersonalAttributeList getEidasRequestedAttributes() {
+		return (MOAPersonalAttributeList) attributes.clone();
+	}
+
+	/**
+	 * Sets the eidas requested attributes.
+	 *
+	 * @param personalAttributeList the requested attributes
+	 */
+	public void setEidasRequestedAttributes(MOAPersonalAttributeList personalAttributeList) {
+		attributes = personalAttributeList;
+	}
+
+	/**
+	 * Gets the eidas request.
+	 *
+	 * @return the eidas request
+	 */
+	public EIDASAuthnRequest getEidasRequest() {
+		return authnRequest;
+	}
+	
+	/**
+	 * Sets the eidas request.
+	 *
+	 * @param request the new eidas request
+	 */
+	public void setEidasRequest(EIDASAuthnRequest request) {
+		authnRequest = request;  
+	}
+
+	/**
+	 * Gets the remote address.
+	 *
+	 * @return the remote address
+	 */
+	public String getRemoteAddress() {
+		return remoteIPAddress;
+	}
+	
+	/**
+	 * Sets the remote address.
+	 *
+	 * @param remoteIP the new remote address
+	 */
+	public void setRemoteAddress(String remoteIP) {
+		remoteIPAddress = remoteIP;
+	}
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 3e2122315..a94e136b4 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.eidas;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -101,12 +102,23 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
 			EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
 
 			// memorize important stuff
-			EIDASRequest result = new EIDASRequest();
+			EIDASData result = new EIDASData();
+
+			// - memorize remote ip
+			result.setRemoteAddress(request.getRemoteAddr());
+			
+			// - memorize country code of target country
+			result.setTarget(samlReq.getCountry());
+			
 			// - memorize requested attributes
-			// TODO memorize requested attributes
+			result.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
 
+			// - memorize whole request
+			samlReq.setPersonalAttributeList(result.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
+			result.setEidasRequest(samlReq);
+			
 			// - memorize OA url
-			result.setOAURL("https://demo.a-sit.at/EidasNode"); // TODO use metadata url?
+			result.setOAURL(samlReq.getIssuer());
 
 			// - memorize OA config
 			OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(result.getOAURL());
-- 
cgit v1.2.3