From 3536b99c17250772f253ea5925da72a29e327c58 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 11 Sep 2015 18:23:33 +0200
Subject: move authentication protocol implementation to separate modules.
 authentication protocol modules are loaded by SPI now.

---
 .../moa/id/protocols/saml1/SAML1Protocol.java      | 226 +++++++++++++++++++++
 1 file changed, 226 insertions(+)
 create mode 100644 id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java

(limited to 'id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java')

diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
new file mode 100644
index 000000000..7416dfb00
--- /dev/null
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -0,0 +1,226 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
+
+	public static final String NAME = SAML1Protocol.class.getName();
+	public static final String PATH = "id_saml1";
+
+	public static final String GETARTIFACT = "GetArtifact";
+
+	public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
+			new String[] {
+					PVPConstants.BPK_NAME,
+					PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
+					PVPConstants.GIVEN_NAME_NAME,
+					PVPConstants.PRINCIPAL_NAME_NAME,
+					PVPConstants.BIRTHDATE_NAME,
+					PVPConstants.EID_CCS_URL_NAME,
+					PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME,
+					PVPConstants.EID_IDENTITY_LINK_NAME,
+					PVPConstants.EID_SOURCE_PIN_NAME,
+					PVPConstants.EID_SOURCE_PIN_TYPE_NAME
+			});
+	
+	private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+		
+	static {
+
+		actions.put(GETARTIFACT, new GetArtifactAction());
+		
+		instance = new SAML1Protocol();
+	}
+
+	private static SAML1Protocol instance = null;
+
+	public static SAML1Protocol getInstance() {
+		if (instance == null) {
+			instance = new SAML1Protocol();
+		}
+		return instance;
+	}
+
+	public String getName() {
+		return NAME;
+	}
+
+	public String getPath() {
+		return PATH;
+	}
+
+	public IRequest preProcess(HttpServletRequest request,
+			HttpServletResponse response, String action,
+			String sessionId, String transactionId) throws MOAIDException {
+		SAML1RequestImpl config = new SAML1RequestImpl();
+		
+		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
+			Logger.info("SAML1 is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
+			
+		}
+			
+		String oaURL = (String) request.getParameter(PARAM_OA);
+		//oaURL = StringEscapeUtils.escapeHtml(oaURL);
+		
+		String target = (String) request.getParameter(PARAM_TARGET);
+		target = StringEscapeUtils.escapeHtml(target);
+		
+		String sourceID = request.getParameter(PARAM_SOURCEID);
+		sourceID = StringEscapeUtils.escapeHtml(sourceID);
+		
+		//the target parameter is used to define the OA in SAML1 standard
+		if (target != null && target.startsWith("http")) {
+			oaURL = target;
+			target = null;
+		}
+		
+		if (MiscUtil.isEmpty(oaURL)) {
+			Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
+			throw new WrongParametersException("StartAuthentication", PARAM_OA,
+					"auth.12");
+			
+		}
+		
+		if (!ParamValidatorUtils.isValidOA(oaURL))
+			throw new WrongParametersException("StartAuthentication", PARAM_OA,
+					"auth.12");
+		
+		config.setOAURL(oaURL);
+		
+		Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
+		
+	    if (!ParamValidatorUtils.isValidSourceID(sourceID))
+            throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
+		
+		
+		//load Target only from OA config
+		OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
+				.getOnlineApplicationParameter(oaURL);
+		
+		if (oaParam == null)
+			throw new InvalidProtocolRequestException("auth.00",
+					new Object[] { null });
+				
+		SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter();
+		if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
+			Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
+			throw new InvalidProtocolRequestException("auth.00",
+					new Object[] { null });
+		}
+		config.setOnlineApplicationConfiguration(oaParam);
+		config.setSourceID(sourceID);
+		
+		MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
+		
+		if (MiscUtil.isNotEmpty(target))
+			config.setTarget(target);
+		
+		else
+			config.setTarget(oaParam.getTarget());
+			
+				
+		return config;
+	}
+
+	public boolean generateErrorMessage(Throwable e,
+			HttpServletRequest request, HttpServletResponse response,
+			IRequest protocolRequest) 
+					throws Throwable{
+		
+		OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
+		if (!oa.getSAML1Parameter().isProvideAllErrors())
+			return false;
+		
+		else {
+			SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace();			
+			String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest);
+		
+			String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet";
+			url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
+			url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+			url = response.encodeRedirectURL(url);
+		
+			response.setContentType("text/html");
+			response.setStatus(302);
+			response.addHeader("Location", url);
+			Logger.debug("REDIRECT TO: " + url);
+		
+			return true;
+		}
+	}
+
+	public IAction getAction(String action) {
+		return actions.get(action);
+	}
+
+	public IAction canHandleRequest(HttpServletRequest request,
+			HttpServletResponse response) {
+		return null;
+	}
+
+	public boolean validate(HttpServletRequest request,
+			HttpServletResponse response, IRequest pending) {
+		
+		return true;
+	}
+	
+	protected static String addURLParameter(String url, String paramname,
+			String paramvalue) {
+		String param = paramname + "=" + paramvalue;
+		if (url.indexOf("?") < 0)
+			return url + "?" + param;
+		else
+			return url + "&" + param;
+	}
+
+}
-- 
cgit v1.2.3