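/**
 *
 */
package at.gv.egovernment.moa.id.auth.stork;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.velocity.app.VelocityEngine;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.ws.transport.http.HTTPOutTransport;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.security.credential.Credential;

import at.gv.egovernment.moa.logging.Logger;

import eu.stork.mw.messages.saml.STORKAuthnRequest;
import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
import eu.stork.vidp.messages.exception.SAMLException;
import eu.stork.vidp.messages.exception.SAMLValidationException;
import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
import eu.stork.vidp.messages.stork.RequestedAttributes;
import eu.stork.vidp.messages.util.SAMLUtil;

/**
 * Class handling all necessary functionality for STORK AuthnRequest processing:
 * building, signing, (schema) validating and HTTP-POST dispatching of a
 * {@link STORKAuthnRequest}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #validateSTORKAuthnRequest(STORKAuthnRequest)} runs the
 *       "saml2-core-schema-and-stork-validator" validation only. It does not verify an
 *       XML signature; nothing in this class checks signatures on inbound messages.</li>
 *   <li>{@link #sendSTORKAuthnRequest(HttpServletRequest, HttpServletResponse, STORKAuthnRequest)}
 *       auto-POSTs the request to whatever {@code Destination} the AuthnRequest carries.
 *       That value must come from trusted configuration (the {@code destination} argument
 *       of {@link #generateSTORKAuthnRequest}), never from the inbound HTTP request.</li>
 *   <li>{@link #signSTORKAuthnRequest} receives key store and key passwords as plain
 *       {@code String}s (interface kept for compatibility); they are never logged here and
 *       must not be logged by callers either.</li>
 * </ul>
 *
 * @author bzwattendorfer
 */
public class STORKAuthnRequestProcessor {

    /** SAML 2.0 HTTP-POST binding URI assigned to the outbound peer endpoint. */
    private static final String HTTP_POST_BINDING_URI =
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    /** Classpath Velocity template rendering the auto-submitting POST form. */
    private static final String POST_BINDING_TEMPLATE = "/saml2-post-binding-moa.vm";

    /**
     * Creates a STORK AuthnRequest and adds a signedDoc (signature request) attribute
     * to it.
     *
     * @param destination Destination URL; this is the URL the browser will later be
     *        auto-POSTed to by {@code sendSTORKAuthnRequest}, so it must be trusted
     * @param acsURL Assertion Consumer Service URL
     * @param providerName SP Provider Name
     * @param issuerValue Issuer Name
     * @param qaaLevel STORK QAALevel to be requested
     * @param requestedAttributes Requested Attributes to be requested
     * @param spSector Sp Sector
     * @param spInstitution SP Institution
     * @param spApplication SP Application
     * @param spCountry SP Country
     * @param textToBeSigned text to be included in signedDoc element
     * @param mimeType mimeType for the text to be signed in signedDoc
     * @return unsigned STORK AuthnRequest (see {@link #signSTORKAuthnRequest})
     */
    public static STORKAuthnRequest generateSTORKAuthnRequest(
            String destination,
            String acsURL,
            String providerName,
            String issuerValue,
            QualityAuthenticationAssuranceLevel qaaLevel,
            RequestedAttributes requestedAttributes,
            String spSector,
            String spInstitution,
            String spApplication,
            String spCountry,
            String textToBeSigned,
            String mimeType) {

        STORKAuthnRequest authnRequest = STORKMessagesBuilder.buildSTORKAuthnRequest(
                destination,
                acsURL,
                providerName,
                issuerValue,
                qaaLevel,
                requestedAttributes,
                spSector,
                spInstitution,
                spApplication,
                spCountry);

        // The trailing boolean is passed through to the STORK builder unchanged;
        // its meaning is not visible here (presumably "mark signedDoc as required") -
        // confirm against STORKMessagesBuilder before relying on it.
        STORKMessagesBuilder.buildAndAddSignatureRequestToAuthnRequest(
                authnRequest, textToBeSigned, mimeType, true);
        Logger.debug("Added signedDoc attribute to STORK AuthnRequest");

        return authnRequest;
    }

    /**
     * Signs a STORK AuthnRequest in place with the key loaded from the given key store.
     *
     * @param storkAuthnRequest STORK AuthRequest to sign (must not be {@code null})
     * @param keyStorePath KeyStorePath to the signing key
     * @param keyStorePassword KeyStore Password (never logged)
     * @param keyName Signing key name
     * @param keyPassword Signing key password (never logged)
     * @return the same, now signed, STORK AuthnRequest instance
     * @throws SAMLException if the credential cannot be loaded or signing fails
     * @throws IllegalArgumentException if {@code storkAuthnRequest} is {@code null}
     */
    public static STORKAuthnRequest signSTORKAuthnRequest(
            STORKAuthnRequest storkAuthnRequest,
            String keyStorePath,
            String keyStorePassword,
            String keyName,
            String keyPassword) throws SAMLException {

        if (storkAuthnRequest == null) {
            throw new IllegalArgumentException("storkAuthnRequest must not be null");
        }

        Logger.trace("Building Credential Provider for signing process");
        CredentialProvider credentialProvider =
                new KeyStoreCredentialProvider(keyStorePath, keyStorePassword, keyName, keyPassword);
        Credential signingCredential = credentialProvider.getCredential();
        Logger.trace("Credentials found");

        // Signs the object in place; the same instance is handed back for chaining.
        SAMLUtil.signSAMLObject(storkAuthnRequest, signingCredential);

        return storkAuthnRequest;
    }

    /**
     * Validates a STORK AuthnRequest against the SAML2 core schema and the STORK
     * validator suite.
     *
     * <p>This is structural validation only. It does NOT verify an XML signature, so a
     * request that passes here may still be unsigned or carry an invalid signature.
     *
     * @param storkAuthnRequest STORK AuthnRequest to validate (must not be {@code null})
     * @throws SAMLValidationException if validation fails
     * @throws IllegalArgumentException if {@code storkAuthnRequest} is {@code null}
     */
    public static void validateSTORKAuthnRequest(STORKAuthnRequest storkAuthnRequest)
            throws SAMLValidationException {
        if (storkAuthnRequest == null) {
            throw new IllegalArgumentException("storkAuthnRequest must not be null");
        }
        SAMLUtil.verifySAMLObjectStandardValidation(
                storkAuthnRequest, "saml2-core-schema-and-stork-validator");
    }

    /**
     * Sends a STORK AuthnRequest via the SAML2 HTTP-POST binding. The endpoint is taken
     * out of the AuthnRequest's {@code Destination}; an auto-submitting HTML form is
     * written to {@code response}.
     *
     * <p>Because the browser is redirected to {@code Destination}, that value must be
     * trusted configuration. A missing or empty destination is rejected up front rather
     * than producing a form with an empty action.
     *
     * @param request HttpServletRequest (only its {@code isSecure()} flag is used)
     * @param response HttpServletResponse the POST form is written to
     * @param storkAuthnRequest STORK AuthnRequest to send (must not be {@code null},
     *        and must carry a non-empty {@code Destination})
     * @throws IllegalArgumentException if the request is {@code null} or has no destination
     * @throws Exception if encoding or writing the response fails
     */
    public static void sendSTORKAuthnRequest(
            HttpServletRequest request,
            HttpServletResponse response,
            STORKAuthnRequest storkAuthnRequest) throws Exception {

        if (storkAuthnRequest == null) {
            throw new IllegalArgumentException("storkAuthnRequest must not be null");
        }
        String destination = storkAuthnRequest.getDestination();
        if (destination == null || destination.trim().isEmpty()) {
            throw new IllegalArgumentException(
                    "STORK AuthnRequest carries no Destination; cannot send it");
        }

        Logger.trace("Create endpoint...");
        Endpoint peerEndpoint =
                STORKMessagesBuilder.buildSAMLObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
        peerEndpoint.setBinding(HTTP_POST_BINDING_URI);
        peerEndpoint.setLocation(destination);

        Logger.trace("Prepare SAMLMessageContext...");
        // request.isSecure() is handed to the adapter as its second flag (presumably
        // "transport is confidential") - confirm against the OpenSAML adapter contract.
        HTTPOutTransport outTransport =
                new HttpServletResponseAdapter(response, request.isSecure());
        BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext();
        messageContext.setOutboundMessageTransport(outTransport);
        messageContext.setPeerEntityEndpoint(peerEndpoint);

        Logger.trace("Set STORK SAML AuthnRequest to SAMLMessageContext...");
        messageContext.setOutboundSAMLMessage(storkAuthnRequest);

        Logger.trace("Initialize VelocityEngine...");
        VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
        // MOA-specific template rather than OpenSAML's bundled /templates/saml2-post-binding.vm.
        HTTPPostEncoder postEncoder = new HTTPPostEncoder(velocityEngine, POST_BINDING_TEMPLATE);

        Logger.trace("HTTP-Post encode SAMLMessageContext...");
        postEncoder.encode(messageContext);
    }
}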