From 31d5edb552ba03ce474f050bf2e69316af1ee623 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 12 Jan 2016 15:34:46 +0100
Subject: use general config eidas (in progress)

---
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 54 ++++++++++++++--------
 1 file changed, 34 insertions(+), 20 deletions(-)

(limited to 'id/server')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 9ae61edd9..9b289a435 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -24,11 +24,11 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
 import java.io.IOException;
 import java.io.StringWriter;
-import java.security.Security;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
@@ -41,16 +41,21 @@ import eu.eidas.auth.commons.IPersonalAttributeList;
 import eu.eidas.auth.commons.PersonalAttribute;
 import eu.eidas.auth.commons.PersonalAttributeList;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.eidas.SPType;
 import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -79,19 +84,36 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			//load pending request
 			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);				
 			if (pendingReq == null) {
-				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+				Logger.info("No PendingRequest with Id: '{}' Maybe, a transaction timeout occure.", new Object[] {pendingRequestID});
 				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
 			
 			}
-    	
-			//load MOASession object and OA-configuration
+
+			//load MOASession object, configuration and OA-configuration
 			AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
 			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
+			AuthConfiguration moaconfig = AuthConfigurationProviderFactory.getInstance();
 
-			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			// get target country
+			String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
+
+			if (StringUtils.isEmpty(citizenCountryCode)) {
+				// illegal state; task should not have been executed without a selected country
+				throw new AuthenticationException("stork.22", new Object[] { moasessionid });
+			}
+
+			CPEPS cpeps = moaconfig.getStorkConfig().getCPEPS(citizenCountryCode);
+			if(null == cpeps) {
+				Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
+				throw new AuthenticationException("Unknown PEPS for citizen country '{}'", new Object[] {citizenCountryCode});
+			}
+			Logger.debug("Found C-PEPS configuration for citizen of country: " + citizenCountryCode);
+			String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
+			String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
 
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
 			IPersonalAttributeList pAttList = new PersonalAttributeList();
-			
+
 			//create template requested attribute
 			//TODO: load required attributes from OA configuration
 			PersonalAttribute attr = new PersonalAttribute();
@@ -112,23 +134,15 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			
 			//build eIDAS AuthnRequest
 			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
-			String assertionConsumerURL="https://demo.a-sit.at/EidasNode/ColleagueRequest";
-//			authnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
-			String providerName = "sp3fr-moa";
-			authnRequest.setProviderName(providerName);
-//			int qaaLevel = 1;
-//			authnRequest.setQaa(qaaLevel); // not needed anymore. furthermore this may make the node think the request at hand is a stork request and we do not want that.
+			authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
 			authnRequest.setPersonalAttributeList(pAttList);
-			String issuer = "http://localhost:12343/moa-id-auth/eidas/metadata";
-			authnRequest.setIssuer(issuer);
-			authnRequest.setDestination(assertionConsumerURL);
+			authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + "/eidas/metadata");
+			authnRequest.setDestination(destination); 
 			authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
 			authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue());
 			authnRequest.setEidasLoACompareType(EidasLoaCompareType.MINIMUM.stringValue());
-			authnRequest.setAlias(providerName);
+			authnRequest.setSPType(SPType.DEFAULT_VALUE);
 
-			authnRequest.setSPType("public");
-			
 			engine.initRequestedAttributes(pAttList);
 			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
 			
@@ -149,8 +163,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 
 	            context.put("RelayState", moasessionid);
 	            
-	            Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL);
-	            context.put("action", assertionConsumerURL);
+	            Logger.debug("Using assertion consumer url as action: " + destination);
+	            context.put("action", destination);
 
 	            Logger.debug("Starting template merge");
 	            StringWriter writer = new StringWriter();
-- 
cgit v1.2.3


From 1092129203ea1f5c17ae8a10ec43f7907140759c Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 12 Jan 2016 15:35:50 +0100
Subject: fixed bug of missing citizen country code for stork module

---
 .../id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'id/server')

diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
index ef61739f8..e19947313 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
@@ -41,9 +41,10 @@ import eu.stork.peps.auth.commons.PersonalAttribute;
 import eu.stork.peps.auth.commons.PersonalAttributeList;
 import eu.stork.peps.auth.commons.STORKAuthnRequest;
 import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.auth.engine.core.CitizenCountryCode;
 import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
 import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -126,6 +127,9 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
 			AuthenticationSession moasession = BaseAuthenticationServer.getSession(sessionID);			
 			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
 			
+			// bugfix: the new task system fails to initialize the CCC - set it here
+			moasession.setCcc((String) executionContext.get(MOAIDAuthConstants.PARAM_CCC));
+
 			if (StringUtils.isEmpty(moasession.getCcc())) {
 				// illegal state; task should not have been executed without a selected country
 				throw new AuthenticationException("stork.22", new Object[] { sessionID });
-- 
cgit v1.2.3


From 29f01a4975f637c26fbcd0b43a9c844d7d3d2e54 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 12 Jan 2016 15:57:30 +0100
Subject: fetch requested attributes from configuration

---
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 42 ++++++++++++----------
 1 file changed, 24 insertions(+), 18 deletions(-)

(limited to 'id/server')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 9b289a435..57588287d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -24,10 +24,12 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
 import java.io.IOException;
 import java.io.StringWriter;
+import java.util.Collection;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
@@ -56,6 +58,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -111,27 +114,30 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
 			String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
 
-			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			// assemble requested attributes
+			Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes();
+
+			// - prepare attribute list
 			IPersonalAttributeList pAttList = new PersonalAttributeList();
 
-			//create template requested attribute
-			//TODO: load required attributes from OA configuration
-			PersonalAttribute attr = new PersonalAttribute();
-			attr.setName("eidas/attributes/CurrentFamilyName");
-			pAttList.add(attr);
+			// - fill container
+			for (StorkAttribute current : attributesFromConfig) {
+				PersonalAttribute newAttribute = new PersonalAttribute();
+				newAttribute.setName(current.getName());
+
+				boolean globallyMandatory = false;
+				for (StorkAttribute currentGlobalAttribute : moaconfig.getStorkConfig().getStorkAttributes())
+					if (current.getName().equals(currentGlobalAttribute.getName())) {
+						globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
+						break;
+					}
+
+				newAttribute.setIsRequired(current.getMandatory() || globallyMandatory);
+				pAttList.add(newAttribute);
+			}
+
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
 
-			PersonalAttribute attr1 = new PersonalAttribute();
-			attr1.setName("eidas/attributes/CurrentGivenName");
-			pAttList.add(attr1);
-			
-			PersonalAttribute attr2 = new PersonalAttribute();
-			attr2.setName("eidas/attributes/DateOfBirth");
-			pAttList.add(attr2);
-			
-			PersonalAttribute attr3 = new PersonalAttribute();
-			attr3.setName("eidas/attributes/PersonIdentifier");
-			pAttList.add(attr3);
-			
 			//build eIDAS AuthnRequest
 			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
 			authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
-- 
cgit v1.2.3