/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.saml1; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.URLEncoder; public class GetArtifactAction implements IAction { public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException { String oaURL = (String) req.getOAURL(); String target = (String) req.getTarget(); try { if (oaURL == null) { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); } // check parameter if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); // TODO: Support Mandate MODE! OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(oaURL); SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session, oaParam, target); // add other stork attributes to MOA assertion if available if(null != session.getStorkAttributes()) { List moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(session.getStorkAttributes()); session.setExtendedSAMLAttributesOA(moaExtendedSAMLAttibutes); //produce MOA-Assertion and artifact AuthenticationServer.getInstance().getForeignAuthenticationData(session); Logger.info("MOA assertion assembled and SAML Artifact generated."); } String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData); if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) { String url = "RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); if (!oaParam.getBusinessService()) url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8")); url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = httpResp.encodeRedirectURL(url); httpResp.setContentType("text/html"); httpResp.setStatus(302); httpResp.addHeader("Location", url); } else { String redirectURL = oaURL; if (!oaParam.getBusinessService()) { redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8")); } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL = httpResp.encodeRedirectURL(redirectURL); httpResp.setContentType("text/html"); httpResp.setStatus(302); httpResp.addHeader("Location", redirectURL); Logger.debug("REDIRECT TO: " + redirectURL); } return authData.getAssertionID(); } catch (Exception ex) { Logger.error("SAML1 Assertion build error", ex); throw new AuthenticationException("SAML1 Assertion build error.", new Object[]{}, ex); } } protected static String addURLParameter(String url, String paramname, String paramvalue) { String param = paramname + "=" + paramvalue; if (url.indexOf("?") < 0) return url + "?" + param; else return url + "&" + param; } public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { return true; } public String getDefaultActionName() { return SAML1Protocol.GETARTIFACT; } }