/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
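 *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.stork2.attributeproviders;

import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;

import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException;
import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest;
import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PEPSUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.PersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;

/**
 * Provides mandate attributes from MIS.
 * <p>
 * Neither {@code acquire} variant returns attributes itself: both record the
 * requested attributes on this instance and throw
 * {@link ExternalAttributeRequestRequiredException}. The attributes are then
 * obtained by sending the citizen to the external attribute provider with a
 * signed {@link STORKAttrQueryRequest}, see {@link #performRedirect}.
 * <p>
 * NOTE(review): the per-request state ({@code spCountryCode},
 * {@code requestedAttributes}) is kept in instance fields, so one instance must
 * not be shared between concurrent requests -- confirm how instances are scoped
 * by the code that creates providers.
 */
public class MandateAttributeRequestProvider extends AttributeProvider {

    /** Destination URL of the external attribute provider (the URL given at construction). */
    private String destination;

    /** Country code of the service provider; set by {@code acquire}, possibly completed in {@link #performRedirect}. */
    private String spCountryCode;

    /** Attributes recorded by {@code acquire} and carried in the outgoing attribute query. */
    private PersonalAttributeList requestedAttributes;

    /**
     * Creates a provider that sends attribute queries to the given URL.
     *
     * @param aPurl               destination URL the attribute query is posted to
     * @param supportedAttributes attribute configuration handed to the base class
     * @throws MOAIDException propagated from the base-class constructor
     */
    public MandateAttributeRequestProvider(String aPurl, String supportedAttributes) throws MOAIDException {
        super(supportedAttributes);
        destination = aPurl;
    }

    /** @return the name under which this provider appears in log output */
    public String getAttrProviderName() {
        return "MandateAttributeRequestProvider";
    }

    // TODO check if used
    /**
     * Records a single requested attribute and requests an external attribute query.
     *
     * @param attribute        the attribute to acquire
     * @param moastorkRequest  the STORK request; its SP country is remembered for the redirect
     * @param authData         unused here
     * @return never returns normally
     * @throws UnsupportedAttributeException             if this provider does not handle the attribute
     * @throws ExternalAttributeRequestRequiredException always, once the attribute has been accepted
     */
    @Override
    protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest,
            IAuthData authData)
            throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
        Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName());

        // Reject first so an unsupported attribute leaves no stale request state behind.
        if (!attributes.contains(attribute.getName())) {
            Logger.info("Attribute " + attribute.getName() + " not supported by the provider: " + getAttrProviderName());
            throw new UnsupportedAttributeException();
        }

        this.spCountryCode = moastorkRequest.getSpCountry();
        requestedAttributes = new PersonalAttributeList(1);
        requestedAttributes.add(attribute);

        // A missing eIdentifier is added to the query in performRedirect().
        Logger.info("Thrown external request by: " + getAttrProviderName());
        throw new ExternalAttributeRequestRequiredException(this);
    }

    /**
     * Records all requested attributes and requests an external attribute query.
     *
     * @param attributes       the attributes to acquire
     * @param moastorkRequest  the STORK request; its SP country is remembered for the redirect
     * @param moasession       unused here
     * @return never returns normally
     * @throws UnsupportedAttributeException             if any attribute is not handled by this provider,
     *                                                   or if nothing was requested
     * @throws ExternalAttributeRequestRequiredException always, once all attributes have been accepted
     */
    @Override
    public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, MOASTORKRequest moastorkRequest,
            IAuthData moasession)
            throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
        Logger.info("Acquiring " + attributes.size() + " attributes, by: " + getAttrProviderName());

        // Validate the whole list before touching instance state.
        for (PersonalAttribute personalAttribute : attributes) {
            // break if we cannot handle the requested attribute
            if (!this.attributes.contains(personalAttribute.getName())) {
                Logger.info("Attribute " + personalAttribute.getName() + " not supported by the provider: "
                        + getAttrProviderName());
                throw new UnsupportedAttributeException();
            }
        }

        this.spCountryCode = moastorkRequest.getSpCountry();
        requestedAttributes = new PersonalAttributeList(attributes.size());
        for (PersonalAttribute personalAttribute : attributes) {
            requestedAttributes.add(personalAttribute);
        }

        // continue with other attribute providers if there are no attributes current provider is able to handle
        if (requestedAttributes.size() == 0) {
            Logger.info("Attribute(s) " + attributes.toString() + " not supported by the provider: "
                    + getAttrProviderName());
            throw new UnsupportedAttributeException();
        }

        Logger.info("Thrown external request by: " + getAttrProviderName());
        throw new ExternalAttributeRequestRequiredException(this);
    }

    /**
     * Builds, signs and renders the STORK attribute query that sends the citizen
     * to the external attribute provider via the SAML2 POST binding.
     *
     * @param url     assertion consumer service URL the provider should return to
     * @param req     current request; its base URL becomes the issuer of the query
     * @param resp    response the POST-binding form is written to
     * @param oaParam online-application configuration (friendly name, target, QAA level)
     * @throws MOAIDException {@code stork.00} if signing fails, {@code stork.11} if rendering or writing fails
     */
    public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam)
            throws MOAIDException {
        String spSector = "Business";
        String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
        String spApplication = spInstitution;

        if ((spCountryCode == null) || (spCountryCode.length() < 2)) {
            spCountryCode = resolveSpCountryCode(oaParam);
        }

        // TODO ensure that other providers request eidentifier
        ensureEIdentifierRequested();

        STORKAttrQueryRequest attributeRequest =
                buildAttributeRequest(url, req, oaParam, spInstitution, spApplication, spSector);
        Logger.info("STORK AttrRequest successfully assembled.");

        attributeRequest = signAttributeRequest(attributeRequest);
        Logger.info("STORK AttrRequest successfully signed!");

        renderPostBinding(attributeRequest, resp);
        Logger.info("STORK AttrRequest successfully rendered!");
    }

    /** Derives the SP country code from the OA configuration when the STORK request did not carry a usable one. */
    private String resolveSpCountryCode(OAAuthParameter oaParam) {
        String countryCode = oaParam.getTarget();
        Logger.info("Setting spcountry target: " + oaParam.getTarget());
        Logger.info("idlink ident " + oaParam.getIdentityLinkDomainIdentifier());
        Logger.info("idlink type " + oaParam.getIdentityLinkDomainIdentifierType());
        Logger.info("Setting spcountry target friendly : " + oaParam.getTargetFriendlyName());
        Logger.info("Oatype : " + oaParam.getOaType());
        Logger.info("puburl : " + oaParam.getPublicURLPrefix());

        if ("STORK".equals(oaParam.getIdentityLinkDomainIdentifierType())) {
            String domainIdentifier = oaParam.getIdentityLinkDomainIdentifier();
            // The country code is the last two characters of the domain identifier; guard the
            // substring so a missing or too short identifier does not end in a runtime exception.
            if (domainIdentifier != null && domainIdentifier.length() >= 2) {
                countryCode = domainIdentifier.substring(domainIdentifier.length() - 2);
                Logger.info("Set to " + countryCode);
            } else {
                Logger.info("Identity link domain identifier too short to derive a country code, keeping target.");
            }
        }
        return countryCode;
    }

    /** Adds a required eIdentifier attribute to the recorded attributes if it is not already requested. */
    private void ensureEIdentifierRequested() {
        // check if there is eIdentifier included and add if necessary
        if (!requestedAttributes.containsKey("eIdentifier")) {
            PersonalAttribute eIdentifier = new PersonalAttribute();
            eIdentifier.setName("eIdentifier");
            eIdentifier.setIsRequired(true);
            requestedAttributes.add(eIdentifier);
        }
    }

    /** Assembles the unsigned attribute query from the recorded state and the OA configuration. */
    private STORKAttrQueryRequest buildAttributeRequest(String url, HttpServletRequest req, OAAuthParameter oaParam,
            String spInstitution, String spApplication, String spSector) {
        STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest();
        attributeRequest.setDestination(destination);
        attributeRequest.setAssertionConsumerServiceURL(url);
        attributeRequest.setIssuer(HTTPUtils.getBaseURL(req));
        attributeRequest.setSpInstitution(spInstitution);
        attributeRequest.setCountry(spCountryCode);
        attributeRequest.setSpCountry(spCountryCode);
        attributeRequest.setSpApplication(spApplication);
        attributeRequest.setSpSector(spSector);
        attributeRequest.setPersonalAttributeList(requestedAttributes);
        // Citizen country is fixed to Austria for this provider.
        attributeRequest.setCitizenCountryCode("AT");
        attributeRequest.setQaa(oaParam.getQaaLevel());
        if (attributeRequest.getQaa() == 0) {
            attributeRequest.setQaa(4); // workaround
        }
        return attributeRequest;
    }

    /** Signs the query with the "VIDP" SAML engine; maps engine failures to {@code stork.00}. */
    private STORKAttrQueryRequest signAttributeRequest(STORKAttrQueryRequest attributeRequest) throws MOAIDException {
        STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP");
        try {
            return samlEngine.generateSTORKAttrQueryRequest(attributeRequest);
        } catch (STORKSAMLEngineException e) {
            Logger.error("Could not sign STORK SAML AttrRequest.", e);
            throw new MOAIDException("stork.00", null);
        }
    }

    /** Renders the SAML2 POST-binding form for the signed query and writes it to the response as UTF-8. */
    private void renderPostBinding(STORKAttrQueryRequest attributeRequest, HttpServletResponse resp)
            throws MOAIDException {
        try {
            Logger.trace("Initialize VelocityEngine...");
            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
            Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm");
            VelocityContext context = new VelocityContext();
            // Both values are rendered into HTML form attributes; NOTE(review): confirm the template
            // escapes them, the encoded token and the configured destination are not escaped here.
            context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(attributeRequest.getTokenSaml()));
            context.put("action", destination);
            StringWriter writer = new StringWriter();
            template.merge(context, writer);
            resp.getOutputStream().write(writer.toString().getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            // Boundary catch: Velocity throws unchecked exceptions, the servlet stream IOException.
            Logger.error("Error sending STORK SAML AttrRequest.", e);
            throw new MOAIDException("stork.11", null);
        }
    }

    /**
     * Not implemented for this provider; the response is handled elsewhere.
     *
     * @param httpReq the incoming request (ignored)
     * @return always {@code null} -- NOTE(review): callers must guard against this, or the
     *         contract should be changed to an empty list
     */
    public IPersonalAttributeList parse(HttpServletRequest httpReq)
            throws UnsupportedAttributeException, MOAIDException {
        return null;
    }

    /* (non-Javadoc)
     * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority()
     */
    @Override
    public int getPriority() {
        return 99;
    }
}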