| author | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-19 08:55:49 +0200 | 
|---|---|---|
| committer | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-19 08:55:49 +0200 | 
| commit | 1bad320e50f66e44fcb23f0c8d242809f8077520 (patch) | |
| tree | 2c65c6f9ca55c95c2327bdd39474cfab35f73d46 | |
| parent | 5d306c41c0033f330413cf2b18db9f1137d51980 (diff) | |
| parent | 470ac2c6234a0bac1e973fd3c1f49e1d9da41be4 (diff) | |
| download | EAAF-Components-1bad320e50f66e44fcb23f0c8d242809f8077520.tar.gz EAAF-Components-1bad320e50f66e44fcb23f0c8d242809f8077520.tar.bz2 EAAF-Components-1bad320e50f66e44fcb23f0c8d242809f8077520.zip | |
Merge branch 'master' into moa-sig-dependency-fixup
30 files changed, 646 insertions, 96 deletions
| diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java index 51b4e0b4..c9c2ec0b 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java @@ -103,9 +103,9 @@ public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilder  	@Override  	public final Map<String, Object> getViewParameters() {		  		//set generic parameters -		setViewParameter(PARAM_GROUP_FORM, PARAM_AUTHCONTEXT, this.authURL); -		setViewParameter(PARAM_GROUP_FORM, PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint); -		setViewParameter(PARAM_GROUP_FORM, PARAM_VIEWNAME, this.viewName); +		setViewParameter(getFromGroup(), PARAM_AUTHCONTEXT, this.authURL); +		setViewParameter(getFromGroup(), PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint); +		setViewParameter(getFromGroup(), PARAM_VIEWNAME, this.viewName);  		//get parameters from detail implementation  		putSpecificViewParameters(); @@ -126,6 +126,13 @@ public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilder  	 *   	 */  	abstract protected void putSpecificViewParameters(); +	 +	/** +	 * Get the Group for generic form elements +	 *  +	 * @return groupName or <code>null</code> if no groups are used +	 */ +	abstract protected String getFromGroup();  	@SuppressWarnings("unchecked")  	protected void setViewParameter(String group, String key, Object value) { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java index 65e13b5a..b9c16538 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java 
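Review bot: The new abstract method is named `getFromGroup()`, but its Javadoc says it returns "the Group for generic form elements" and the constant it replaces is `PARAM_GROUP_FORM`, so the name reads as a typo for `getFormGroup()`; since it is introduced in this commit, renaming it now is free, later it is an API change for every subclass. Adding an abstract method to an abstract base class also forces each existing subclass to implement it before it compiles again; a non-abstract default such as `protected String getFromGroup() { return PARAM_GROUP_FORM; }` would keep current subclasses source-compatible with unchanged behaviour and let new ones override. The Javadoc promises `null` "if no groups are used", but whether `setViewParameter` copes with a null group is not visible in this hunk and should be stated on that method. The class body continues outside the hunk.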
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java @@ -77,7 +77,7 @@ public abstract class AbstractVelocityGUIFormBuilderImpl implements IVelocityGui  	public final void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGUIBuilderConfiguration config,  			String loggerName) throws GUIBuildException {  		if (config instanceof IVelocityGUIBuilderConfiguration) -			build(httpReq, httpResp, config, loggerName); +			build(httpReq, httpResp, (IVelocityGUIBuilderConfiguration)config, loggerName);  		else  			throw new IllegalStateException(this.getClass().getName() + " needs a " + IVelocityGUIBuilderConfiguration.class.getName()); @@ -88,7 +88,7 @@ public abstract class AbstractVelocityGUIFormBuilderImpl implements IVelocityGui  	public final void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGUIBuilderConfiguration config,  			String contentType, String loggerName) throws GUIBuildException {  		if (config instanceof IVelocityGUIBuilderConfiguration) -			build(httpReq, httpResp, config, loggerName); +			build(httpReq, httpResp, (IVelocityGUIBuilderConfiguration)config, contentType, loggerName);  		else  			throw new IllegalStateException(this.getClass().getName() + " needs a " + IVelocityGUIBuilderConfiguration.class.getName()); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java new file mode 100644 index 00000000..86728c05 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java 
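Review bot: A configuration of the wrong type is still reported with an unchecked `IllegalStateException` although both `build` overloads declare `throws GUIBuildException`, so callers that handle `GUIBuildException` (for example an error-page path that falls back on failure) never see this case; if `GUIBuildException` has a message constructor, `throw new GUIBuildException(this.getClass().getName() + " needs a " + IVelocityGUIBuilderConfiguration.class.getName());` keeps the declared contract, otherwise `IllegalArgumentException` at least names the actual problem (a bad argument, not bad object state). With the casts now added, the `instanceof` test and the cast repeat the type name three times per overload; a pattern-matching `instanceof` would fold them if the project targets Java 16+, which cannot be seen here. A one-line Javadoc on each overload saying that only `IVelocityGUIBuilderConfiguration` is accepted would document the precondition.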
@@ -0,0 +1,121 @@ +package at.gv.egiz.eaaf.core.impl.idp; + +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.lang.NonNull; +import org.springframework.util.Assert; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; + +public class EidAuthenticationData extends AuthenticationData implements IEidAuthData { +	private static final Logger log = LoggerFactory.getLogger(EidAuthenticationData.class); +	 +	 +	private static final long serialVersionUID = -7106142572904327044L; + +	private byte[] eIDToken; +	private byte[] signerCertificate; +	private EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus; +	private String vdaEndpointUrl; +	private boolean useMandate = false; +	 +	@Override +	public byte[] getSignerCertificate() { +		return this.signerCertificate;		 +	}   +	 +	@Override +	public byte[] getEIDToken() { +		return this.eIDToken; +	} + +	@Override +	public EID_IDENTITY_STATUS_LEVEL_VALUES getEIDStatus() { +		return this.eidStatus; +		 +	} + +	@Override +	public boolean isUseMandate() { +		return useMandate; +	} + +	@Override +	public String getVdaEndPointUrl() { +		return vdaEndpointUrl; +		 +	} +	 +	/** +	 * Set the status of the E-ID identity +	 *  +	 * @param eidStatus +	 */ +	public void setEidStatus(EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus) { +		this.eidStatus = eidStatus; +	} + +	/** +	 * Set Online IdentityLink to AuthenticationData +	 *  +	 * @param eIDToken +	 */ +	public void seteIDToken(final byte[] eIDToken) { +		this.eIDToken = eIDToken; +		 +	} + +	/** +	 * Set the signing certificate that was used to sign the user consent +	 *  +	 * @param signerCertificate +	 */ +	public void setSignerCertificate(@NonNull final X509Certificate signerCertificate) { +		Assert.notNull(signerCertificate, "Signer certificate is null"); +		try { 
+			this.signerCertificate = signerCertificate.getEncoded(); +			 +		} catch (final CertificateEncodingException e) { +			log.warn("Can NOT serialized signer-certificate", e); +			log.warn("Signer certificate will be ignored"); +			 +		} +	} + +	/** +	 * Set the signing certificate that was used to sign the user consent +	 *  +	 * @param signerCertificate +	 */ +	public void setSignerCertificate(final byte[] signerCertificate) { +		this.signerCertificate = signerCertificate; +		 +	} +	 +	/** +	 * Set flag that mandates are used in this process +	 *  +	 * @param useMandate true if mandates was used, otherwise false +	 */ +	public void setUseMandate(boolean useMandate) { +		this.useMandate = useMandate; +	} + + +	/** +	 * Set URL of the EndPoint that was used on VDA for authentication +	 *  +	 * @param vdaEndpointUrl +	 */ +	public void setVdaEndpointUrl(String vdaEndpointUrl) { +		this.vdaEndpointUrl = vdaEndpointUrl; +	} + +	 + +	 +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java index 2482d65f..47b1ecf9 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java 
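Review bot: `setSignerCertificate(X509Certificate)` catches `CertificateEncodingException`, logs that the certificate "will be ignored", and leaves `this.signerCertificate` untouched, so a value stored earlier (or via the `byte[]` overload) survives and would later be emitted by the signer-certificate attribute builder as if it were the certificate that signed this consent. Either clear the field in the catch (`this.signerCertificate = null;`) or, better, rethrow as `throw new IllegalArgumentException("Signer certificate can not be encoded", e);` so the caller cannot silently continue with an unusable certificate. The eID token and certificate setters store the caller's `byte[]` reference and the getters hand it back unchanged; this class carries a `serialVersionUID`, so it is presumably serialised session state, and a `clone()` on both sides would stop callers from mutating authentication data after it has been validated. `setVdaEndpointUrl` and `seteIDToken` accept `null` without comment; the Javadoc should say whether that means "absent" or is an error.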
@@ -172,7 +172,6 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati  		internalAuthData.setDateOfBirth(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.BIRTHDATE_NAME, String.class));  		internalAuthData.setEncSourceId(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_NAME, String.class));  		internalAuthData.setEncSourceIdType(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_TYPE_NAME, String.class)); -  		//####################################################  		//set QAA level @@ -574,7 +573,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati  		 * but there it is not neccesary. We fix this problem in 3.4.3, but the fix can be deactivated   		 * for dependency reasons.   		 */ -		if (basicConfig.getBasicMOAIDConfigurationBoolean(CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING, false)) { +		if (basicConfig.getBasicConfigurationBoolean(CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING, false)) {  			authData.setGivenName(identityLink.getGivenName().replaceAll("'", "'"));  			authData.setFamilyName(identityLink.getFamilyName().replaceAll("'", "'")); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index 6f416414..0aa7ff89 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java 
@@ -48,7 +48,7 @@ import at.gv.egiz.eaaf.core.api.IStatusMessenger;  import at.gv.egiz.eaaf.core.api.data.EAAFConstants;  import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;  import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory; -import at.gv.egiz.eaaf.core.api.gui.ISpringMVCGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;  import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;  import at.gv.egiz.eaaf.core.api.idp.IAction;  import at.gv.egiz.eaaf.core.api.idp.IAuthData; @@ -83,7 +83,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer  	@Autowired(required=true) private ITransactionStorage transactionStorage;  	@Autowired(required=true) private IAuthenticationManager authmanager;			  	@Autowired(required=true) private IAuthenticationDataBuilder authDataBuilder;	 -	@Autowired(required=true) private ISpringMVCGUIFormBuilder guiBuilder;  	@Autowired(required=true) private IGUIBuilderConfigurationFactory guiConfigFactory;  	@Autowired(required=true) private IStatusMessenger statusMessager;  	@Autowired(required=true) private IRequestStorage requestStorage; @@ -93,6 +92,9 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer  	@Autowired private IStatisticLogger statisticLogger;  	@Autowired private IRevisionLogger revisionsLogger; +	 +	private IGUIFormBuilder guiBuilder; +	  	/* (non-Javadoc)  	 * @see at.gv.egiz.eaaf.core.impl.idp.auth.services.IProtocolAuthenticationService#performAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egiz.eaaf.core.api.IRequest)  	 */ @@ -257,6 +259,11 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer  	} +		 +	public void setGuiBuilder(IGUIFormBuilder guiBuilder) { +		this.guiBuilder = guiBuilder; +	} +  	/**  	 * Finalize the requested protocol operation  	 *  
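Review bot: `guiBuilder` is no longer injected (the `@Autowired(required=true)` field becomes a plain field plus `setGuiBuilder`, and the `eaafProtocolAuthenticationService` bean is removed from eaaf_core.beans.xml elsewhere in this commit), so nothing in this class guarantees it is set before the error-rendering path, presumably `writeHTMLErrorResponse`, uses it; an application that forgets the setter fails with a NullPointerException exactly when a user has already hit an error. A cheap guard is `Assert.notNull(guiBuilder, "GUI builder is null");` in the setter plus a check where the builder is used, or make the builder a constructor parameter so the wiring cannot be omitted. The setter also has no Javadoc stating that it is mandatory and who is expected to call it.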
@@ -366,16 +373,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer  		}		  	} -	private void writeBadRequestErrorResponse(final HttpServletRequest req, final HttpServletResponse resp, final EAAFException e) throws IOException { -		final String code = statusMessager.mapInternalErrorToExternalError(((InvalidProtocolRequestException)e).getErrorId()); -		final String descr = StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(e.getMessage())); -		resp.setContentType(EAAFConstants.CONTENTTYPE_HTML_UTF8); -		resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" + -				"(Errorcode=" + code + -				" | Description=" + descr + ")"); -		 -	} -	  	private void writeHTMLErrorResponse(@NonNull final HttpServletRequest httpReq, @NonNull final HttpServletResponse httpResp,   			@NonNull final String msg, @NonNull  final String errorCode, @Nullable final Object[] params, @NonNull final Exception error) throws IOException, EAAFException { @@ -457,11 +454,21 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer  				statisticLogger.logErrorOperation(ex, ex.getErrorRequest());  			//write error message -			writeBadRequestErrorResponse(req, resp, (EAAFException) e);			 +			//writeBadRequestErrorResponse(req, resp, (EAAFException) e); +			writeHTMLErrorResponse(req, resp,  +					e.getMessage(),  +					statusMessager.getResponseErrorCode(e), +					null, +					e);	  		} else if (e instanceof InvalidProtocolRequestException) {		  			//send error response -			writeBadRequestErrorResponse(req, resp, (EAAFException) e); +			//writeBadRequestErrorResponse(req, resp, (EAAFException) e); +			writeHTMLErrorResponse(req, resp,  +					e.getMessage(),  +					statusMessager.getResponseErrorCode(e), +					null, +					e);	  		} else if (e instanceof ConfigurationException) {  			//send HTML formated error message 
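Review bot: The removed `writeBadRequestErrorResponse` HTML- and JavaScript-escaped `e.getMessage()` before writing it, whereas the replacement passes the raw `e.getMessage()` to `writeHTMLErrorResponse` as `msg`; for `InvalidProtocolRequestException` that message may carry content from the rejected request, so unless `writeHTMLErrorResponse` (whose body lies outside the hunk) escapes `msg` before it reaches the template, this reopens a reflected-XSS sink that the old code closed. Either confirm and document the escaping inside `writeHTMLErrorResponse`, or keep it explicit at the call sites: `StringEscapeUtils.escapeHtml4(e.getMessage())`. The change also drops the explicit `SC_BAD_REQUEST` status for protocol-validation failures; if the HTML error page goes out with 200, clients and monitoring lose that signal, so set the status in the new path as well. The two commented-out `//writeBadRequestErrorResponse(...)` lines should be deleted rather than kept as dead code.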
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java new file mode 100644 index 00000000..ec0f5d0c --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java @@ -0,0 +1,44 @@ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EIDCcsURL implements IPVPAttributeBuilder { +	private static final Logger log = LoggerFactory.getLogger(EID_CCS_URL_NAME); +	 +	@Override +	public String getName() { +		return EID_CCS_URL_NAME; +	} + +	@Override +	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, +			IAttributeGenerator<ATT> g) throws AttributeBuilderException { +		if (authData instanceof IEidAuthData) { +			final String bkuurl = ((IEidAuthData)authData).getVdaEndPointUrl(); +			if (StringUtils.isNotEmpty(bkuurl)) +				return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl); +			 +				 +		} else +			log.info(EID_CCS_URL_FRIENDLY_NAME + " is only available in MOA-ID context"); +		 +		throw new UnavailableAttributeException(EID_CCS_URL_NAME); +	} + +	@Override +	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { +		return g.buildEmptyAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME); +	} + +} 
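Review bot: The logger is created with `LoggerFactory.getLogger(EID_CCS_URL_NAME)`, i.e. the attribute URN becomes the logger name, while every other builder in this commit uses its class (`LoggerFactory.getLogger(EIDCcsURL.class)`); package-based log configuration will not reach this class. The info message says the attribute "is only available in MOA-ID context" whereas the sibling builders say "AuthHandler context" or "EAAF context" for the same situation — pick one wording, and consider `log.debug` since a non-eID authentication hitting this branch is the normal case, not an event. The file also lacks the licence header and the class/method Javadoc that `EIDEIDTokenBuilder` and `EIDSignerCertificate` carry.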
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java new file mode 100644 index 00000000..698393ea --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java 
@@ -0,0 +1,69 @@ +/******************************************************************************* + * Copyright 2019 Graz University of Technology + * EAAF-Core Components has been developed in a cooperation between EGIZ,   + * A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + *   + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.util.Base64Utils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EIDEIDTokenBuilder implements IPVPAttributeBuilder { +	private static final Logger log = LoggerFactory.getLogger(EIDEIDTokenBuilder.class); +	  +	 +	@Override +	public String getName() { +		return EID_E_ID_TOKEN_NAME; +	} + +	@Override +	public <ATT> ATT build(final ISPConfiguration oaParam, final IAuthData authData, +			final IAttributeGenerator<ATT> g) throws AttributeBuilderException { +		 +		if (authData instanceof IEidAuthData) {		 +			if (((IEidAuthData)authData).getEIDToken() == null) +				throw new UnavailableAttributeException(EID_E_ID_TOKEN_NAME); +					 +			return g.buildStringAttribute(EID_E_ID_TOKEN_FRIENDLY_NAME, +					EID_E_ID_TOKEN_NAME, Base64Utils.encodeToString(((IEidAuthData)authData).getEIDToken())); +		} else +			log.info(EID_E_ID_TOKEN_FRIENDLY_NAME + " is only available in AuthHandler context"); +		 +		throw new UnavailableAttributeException(EID_E_ID_TOKEN_NAME); +	} + +	@Override +	public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) { +		return g.buildEmptyAttribute(EID_E_ID_TOKEN_FRIENDLY_NAME, +				EID_E_ID_TOKEN_NAME); +	} + +} 
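Review bot: `build` casts `authData` to `IEidAuthData` three times and calls `getEIDToken()` twice; a single local `final IEidAuthData eidData = (IEidAuthData) authData;` followed by one `final byte[] token = eidData.getEIDToken();` reads better and evaluates the getter once. The `log.info` in the else-branch fires on every attribute build for non-eID authentication data, which is an expected condition rather than something worth info level; `log.debug` is more appropriate for "attribute not available in this context". A class Javadoc stating that the attribute value is the Base64-encoded raw eID token would tell consumers how to decode it.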
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java new file mode 100644 index 00000000..bab521b4 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java 
@@ -0,0 +1,80 @@ +/******************************************************************************* + * Copyright 2019 Graz University of Technology + * EAAF-Core Components has been developed in a cooperation between EGIZ,   + * A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + *   + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.util.Base64Utils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EIDSignerCertificate implements IPVPAttributeBuilder { +	private static final Logger log = LoggerFactory.getLogger(EIDSignerCertificate.class); +	 +	@Override +	public String getName() { +		return EID_SIGNER_CERTIFICATE_NAME; +	} + +	@Override +	public <ATT> ATT build(final ISPConfiguration oaParam, final IAuthData authData, +			final IAttributeGenerator<ATT> g) throws AttributeBuilderException { +		 +		if (authData instanceof IEidAuthData) { +			try { +				 +				final byte[] signerCertificate = ((IEidAuthData)authData).getSignerCertificate(); +				if (signerCertificate != null) { +					return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME,  +						Base64Utils.encodeToString(signerCertificate)); +			 +				} else +					log.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in MOA-ID context"); +			 +			} catch (final Exception e) { +				log.info("Signer certificate BASE64 encoding error"); +			 +			} +			 +		} else +			log.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in AuthHandler context"); +			 +		 +		throw new UnavailableAttributeException(EID_SIGNER_CERTIFICATE_NAME); +		 +	} + +	@Override +	public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) { +		return 
g.buildEmptyAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME); +	} + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java new file mode 100644 index 00000000..6a8de559 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java 
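Review bot: The `catch (final Exception e)` around the Base64 encoding logs only the fixed text "Signer certificate BASE64 encoding error" and drops the exception, so a real failure leaves no cause in the logs; `Base64Utils.encodeToString(byte[])` throws no checked exception, so the try/catch can simply go, or at minimum be narrowed and logged with the cause (`log.warn("Signer certificate BASE64 encoding error", e)`). The message logged when `signerCertificate` is null, "is only available in MOA-ID context", is misleading at that point because the data *is* eID authentication data; "no signer certificate in authentication data" describes the case. As in the sibling builders, both info logs fire for the normal "attribute absent" case and belong at debug level.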
@@ -0,0 +1,47 @@ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EidIdentityStatusLevelAttributeBuiler implements IPVPAttributeBuilder { +	private static final Logger log = LoggerFactory.getLogger(EidIdentityStatusLevelAttributeBuiler.class); + +	@Override +	public String getName() { +		return EID_IDENTITY_STATUS_LEVEL_NAME; +	} + +	@Override +	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) +			throws AttributeBuilderException { +		 +		if (authData instanceof IEidAuthData) {		 +			if (((IEidAuthData)authData).getEIDStatus() == null) +				throw new UnavailableAttributeException(getName()); +					 +			return g.buildStringAttribute(getFriendlyName(), +					getName(), ((IEidAuthData)authData).getEIDStatus().getURI()); +		} else +			log.info(getFriendlyName() + " is only available in EAAF context"); +		 +		throw new UnavailableAttributeException(getName()); +	} + +	@Override +	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { +		return g.buildEmptyAttribute(getFriendlyName(), getName()); +	} + +	private String getFriendlyName() { +		return EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME; +	} +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java index af009b10..55662326 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java 
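Review bot: The class name `EidIdentityStatusLevelAttributeBuiler` is missing a letter (`Builder`), and the same spelling is written into the `META-INF/services` registration in this commit; the class is new, so renaming it now costs nothing, whereas later it is a ServiceLoader-visible change that must touch both files together. Unlike `EIDEIDTokenBuilder` and `EIDSignerCertificate` the file has no licence header and no class Javadoc saying which URI values (the `EID_IDENTITY_STATUS_LEVEL_VALUES` enum) the attribute carries. The `log.info` in the else-branch fires for every non-eID authentication and is better placed at debug level.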
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java @@ -158,19 +158,31 @@ public abstract class AbstractConfigurationImpl implements IExtendedConfiguratio  		return defaultValue;  	} +	  	@Override -	public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) { -		return KeyValueUtils.getSubSetWithPrefix(KeyValueUtils.convertPropertiesToMap(properties), addPrefixToKey(prefix)); +	public Boolean getBasicConfigurationBoolean(String key) { +		final String value = getBasicConfiguration(key); +		if (value != null) +			return Boolean.parseBoolean(value); +		else +			return null;  	} +  	@Override -	public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { -		final String value = getBasicConfiguration(key);		 -		if (StringUtils.isNotEmpty(value)) -			return Boolean.valueOf(value.trim()); -						 -		return defaultValue; +	public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) { +		final Boolean result = getBasicConfigurationBoolean(key); +		if (result != null) +			return result; +		else +			return defaultValue; +		 +	} +	 +	@Override +	public Map<String, String> getBasicConfigurationWithPrefix(String prefix) { +		return KeyValueUtils.getSubSetWithPrefix(KeyValueUtils.convertPropertiesToMap(properties), addPrefixToKey(prefix));  	} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java index 62245331..1a344feb 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java 
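Review bot: The new `getBasicConfigurationBoolean(String key)` calls `Boolean.parseBoolean(value)` with no trim and no empty check, while the removed `getBasicMOAIDConfigurationBoolean` trimmed and treated an empty value as unset, and the Spring Boot implementation in this same commit still does `StringUtils.isNotEmpty(value)` plus `value.trim()`; the two implementations of one interface now disagree. Concretely, a key present with an empty value, or `true ` with trailing whitespace, now yields `false` instead of the caller's default, which for `PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE` (default `true`) silently flips behaviour. Suggest `if (StringUtils.isNotEmpty(value)) return Boolean.valueOf(value.trim()); else return null;` to match the other implementation, and a Javadoc on the one-argument variant stating that `null` means "not configured".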
@@ -88,7 +88,7 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat  	}  	@Override -	public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) {				 +	public Map<String, String> getBasicConfigurationWithPrefix(String prefix) {				  		final Map<String, String> configProps = getPropertiesStartingWith((ConfigurableEnvironment) env, addPrefixToKey(prefix));  		return KeyValueUtils.removePrefixFromKeys(configProps, addPrefixToKey(prefix) + "."); @@ -96,17 +96,24 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat  	}  	@Override -	public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { -		final String value = getBasicConfiguration(key);		 +	public Boolean getBasicConfigurationBoolean(String key) { +		final String value = getBasicConfiguration(key);  		if (StringUtils.isNotEmpty(value))  			return Boolean.valueOf(value.trim()); -						 -		return defaultValue; -		 +		else +			return null;  	} -	  	@Override +	public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) { +		final Boolean value = getBasicConfigurationBoolean(key);		 +		if (value != null) +			return value; +		else +			return defaultValue; +	} +	 +	@Override  	public URI getConfigurationRootDirectory() {  		try {  			return new URI(env.getRequiredProperty(addPrefixToKey(PROP_CONFIG_ROOT_DIR))); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java index 1da8036c..5ad44801 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java 
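Review bot: `Boolean.valueOf(value.trim())` maps anything other than a case-insensitive `true` to `false`, so a misspelled or alternative value (`yes`, `1`, `ture`) is indistinguishable from an explicit `false`; for `PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL` that is the safe direction, but for `PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE` it silently disables a feature. A stricter parse that accepts only `true`/`false` and logs a warning on anything else would make such misconfiguration visible. The one-argument `getBasicConfigurationBoolean` should carry a Javadoc stating that `null` means the key is absent or empty, since that is the contract the two-argument overload builds on.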
@@ -72,7 +72,7 @@ public abstract class AbstractController {  	@Autowired protected IRevisionLogger revisionsLogger;  	@ExceptionHandler({EAAFException.class}) -	public void MOAIDExceptionHandler(final HttpServletRequest req, final HttpServletResponse resp, final Exception e) throws IOException {				 +	public void EAAFExceptionHandler(final HttpServletRequest req, final HttpServletResponse resp, final Exception e) throws IOException {				  		try {  			protAuthService.handleErrorNoRedirect(e, req, resp, true); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java index a5b79f6a..926b2bd5 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java @@ -75,7 +75,7 @@ public class HttpClientFactory {  		httpClientBuilder.setDefaultRequestConfig(requestConfig);  		//set  pool connection if requested -		if (basicConfig.getBasicMOAIDConfigurationBoolean( +		if (basicConfig.getBasicConfigurationBoolean(  				PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE,   				true)) {  			final PoolingHttpClientConnectionManager pool = new PoolingHttpClientConnectionManager(); @@ -97,7 +97,7 @@ public class HttpClientFactory {  			log.trace("Initializing SSL Context ... ");  			final SSLContext sslContext = SSLContext.getDefault();  			HostnameVerifier hostnameVerifier = null; -			if (basicConfig.getBasicMOAIDConfigurationBoolean( +			if (basicConfig.getBasicConfigurationBoolean(  					PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL,   					false)) {  				hostnameVerifier = new NoopHostnameVerifier(); diff --git a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 2decf67c..7b977193 100644 
--- a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -9,3 +9,7 @@ at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDeIDASQAALevelAttributeBuilde  at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder  at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder  at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDEIDTokenBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSignerCertificate +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDCcsURL
\ No newline at end of file diff --git a/eaaf_core/src/main/resources/eaaf_core.beans.xml b/eaaf_core/src/main/resources/eaaf_core.beans.xml index e750a49f..27b0f381 100644 --- a/eaaf_core/src/main/resources/eaaf_core.beans.xml +++ b/eaaf_core/src/main/resources/eaaf_core.beans.xml @@ -12,9 +12,6 @@  		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd  		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> -	<bean 	id="eaafProtocolAuthenticationService" -			class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService" /> -  	<bean	id="httpClientFactory"  			class="at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory" /> diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java index 880582cd..ffb921ce 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java 
@@ -27,25 +27,11 @@ public class DummyConfiguration implements IConfiguration {  	}  	@Override -	public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) { +	public Map<String, String> getBasicConfigurationWithPrefix(String prefix) {  		// TODO Auto-generated method stub  		return null;  	} - -	@Override -	public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { -		if (AbstractAuthenticationDataBuilder.CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING.equals(key)) { -			if (isIDLEscapingEnabled == null) -				return defaultValue; -			else -				return isIDLEscapingEnabled; -			 -		} -		 -		 -		return false; -	} - +	  	@Override  	public ISPConfiguration getServiceProviderConfiguration(String uniqueID) throws EAAFConfigurationException {  		// TODO Auto-generated method stub @@ -74,4 +60,25 @@ public class DummyConfiguration implements IConfiguration {  	public void setIsIDLEscapingEnabled(Boolean isIDLEscapingEnabled) {  		this.isIDLEscapingEnabled = isIDLEscapingEnabled;  	} + +	@Override +	public Boolean getBasicConfigurationBoolean(String key) { +		return null; +		 +	} + +	@Override +	public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) { +		if (AbstractAuthenticationDataBuilder.CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING.equals(key)) { +			if (isIDLEscapingEnabled == null) +				return defaultValue; +			else +				return isIDLEscapingEnabled; +			 +		} +		 +		 +		return false; +		 +	}  } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java index 2a92e5f3..e4ebe433 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java 
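Review bot: The fallback at the end of the new `getBasicConfigurationBoolean(String key, boolean defaultValue)` in DummyConfiguration returns `false` regardless of `defaultValue`, so any production path exercised by tests with a `true` default runs with the weaker setting — for instance `CONFIG_PROP_FORCE_EID_SIGNED_RESULT` in AbstractReceiveQualeIDTask, where `false` means an unsigned SL20 result is no longer rejected. Returning the supplied default keeps the stub faithful to the interface contract ("defaultValue if key does not exist"): `return defaultValue;`. The one-argument overload returning `null` is consistent with the documented "null if key does not exist", so only the two-argument variant needs the change.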
@@ -133,6 +133,30 @@ public interface PVPAttributeDefinitions {  	public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.108";	  	public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_EIDAS_QAA_LEVEL_OID;  	public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-EIDAS-LEVEL"; + +	public static final String EID_IDENTITY_STATUS_LEVEL_OID = "1.2.40.0.10.2.1.1.261.109";	 +	public static final String EID_IDENTITY_STATUS_LEVEL_NAME = URN_OID_PREFIX + EID_IDENTITY_STATUS_LEVEL_OID; +	public static final String EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME = "EID-IDENTITY-STATUS-LEVEL"; +	public enum EID_IDENTITY_STATUS_LEVEL_VALUES { +		IDENTITY("http://eid.gv.at/eID/status/identity"),  +		TESTIDENTITY("http://eid.gv.at/eID/status/testidentity"), +		SYSTEM("http://eid.gv.at/eID/status/system"); +		 +		private final String uri; +		 +		private EID_IDENTITY_STATUS_LEVEL_VALUES(String uri) { +			this.uri = uri;  +		} +		 +		/** +		 * Get the URI based status identifier of an E-ID +		 *  +		 * @return +		 */ +		public String getURI() { +			return this.uri; +		} +	};  	public static final String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32";  	public static final String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID; diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java index eceec2a6..7d564b58 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java 
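Review bot: The Javadoc on the new `getURI()` in `EID_IDENTITY_STATUS_LEVEL_VALUES` has an empty `@return` tag, and the `};` after the enum body leaves a redundant empty declaration inside the interface. Suggested tag: `@return the status URI of this level, never {@code null}`. Since the enum is a public API type in PVPAttributeDefinitions, a one-line type-level Javadoc naming what the three constants represent (identity, test identity, system) would also help consumers such as IEidAuthData#getEIDStatus; the UPPER_SNAKE_CASE type name is unusual for a Java enum type but matches the surrounding constant naming, so that is a judgement call.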
@@ -57,27 +57,35 @@ public interface IConfiguration {  	 */  	public String getBasicConfiguration(final String key, final String defaultValue); +	  	/** -	 * Get a set of configuration values from file based configuration that starts with this prefix -	 * <br><br> -	 * <b>Important:</b> The configuration values must be of type String!  +	 * Get a configuration value from file based configuration  	 *  -	 * @param prefix Prefix of the configuration key -	 * @return Map<String, String> without prefix, but never null +	 * @param key configuration key  +	 * @return configuration value as {@link Boolean.parseBoolean(value)} or <code>null</code> if key does not exist  	 */ -	public Map<String, String> getBasicMOAIDConfigurationWithPrefix(final String prefix); -	 +	public Boolean getBasicConfigurationBoolean(final String key);  	/** -	 * Get a boolean value from basic MOA-ID configuration file +	 * Get a configuration value from file based configuration  	 *  -	 * @param key Configuration key -	 * @param defaultValue Default result -	 * @return returns the value of the configuration key, or the default value if the key is not set +	 * @param key configuration key  +	 * @param defaultValue Default value if no value with this key is found +	 * @return configuration value as {@link Boolean.parseBoolean(value)} or <code>defaultValue</code> if key does not exist  	 */ -	public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue); +	public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue);  	/** +	 * Get a set of configuration values from file based configuration that starts with this prefix +	 * <br><br> +	 * <b>Important:</b> The configuration values must be of type String!  
+	 *  +	 * @param prefix Prefix of the configuration key +	 * @return Map<String, String> without prefix, but never null +	 */ +	public Map<String, String> getBasicConfigurationWithPrefix(final String prefix); +		 +	/**  	 * Get a configuration entry for a specific Service Provider   	 *   	 * @param uniqueID Unique identifier of the Service Provider diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java new file mode 100644 index 00000000..74c84468 --- /dev/null +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java @@ -0,0 +1,45 @@ +package at.gv.egiz.eaaf.core.api.idp; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; + +public interface IEidAuthData extends IAuthData { + +	/** +	 * Get the serialized signing certificate that was used to sign the consent +	 *  +	 * @return +	 */ +	byte[] getSignerCertificate(); + +	 +	/** +	 * Get the serialized E-ID token that can be used to validate the Identity-Link +	 *  +	 * @return +	 */ +	byte[] getEIDToken(); + + +	/** +	 * Get the status of the E-ID   +	 *  +	 * @return {@link PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES} +	 */ +	PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES getEIDStatus(); +	 +	 +	/** +	 * Get the URL of the VDA EndPoint, that was used for authentication +	 *  +	 * @return  +	 */ +	String getVdaEndPointUrl(); +	 +	 +	/** +	 * Flag that mandates are used +	 *  +	 * @return true if mandates are used, otherwise false +	 */ +	boolean isUseMandate(); +} diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java index efeecbe5..f02b3bf6 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java 
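Review bot: Both new Javadoc comments in IConfiguration use `{@link Boolean.parseBoolean(value)}`, which is not a resolvable link (member references need `#` and a parameter type); javadoc will report it as an error or render it as plain text. Use `{@link Boolean#parseBoolean(String)}` in both `getBasicConfigurationBoolean` comments. For the single-argument overload it is worth stating explicitly that the boxed `Boolean` is `null` only when the key is absent, so callers know a null check is required before unboxing.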
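Review bot: The new IEidAuthData interface leaves the `@return` tags of `getSignerCertificate()`, `getEIDToken()` and `getVdaEndPointUrl()` empty, and "serialized" does not tell an implementor or consumer which encoding the two `byte[]` values carry or whether the returned array may be modified. Since these values feed attribute builders and, per the ISchemaRessourceProvider/MOA-Sig changes in this merge, signature handling, the encoding is a contract worth fixing in the doc: e.g. `@return the signing certificate in its serialized form (encoding to be confirmed, presumably DER); callers must treat the array as read-only`, and the equivalent for the E-ID token. `getVdaEndPointUrl()` should state whether it can be `null` when no VDA endpoint was involved.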
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java @@ -30,8 +30,8 @@ public class AttributeBuilderException extends EAAFIDPException {  	private static final long serialVersionUID = 1L; -	public AttributeBuilderException(String msg) { -		super(msg); +	public AttributeBuilderException(String attrName) { +		super("builder.12", new Object[] {attrName});  	}  } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java index 8af806d0..7f504a5a 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java @@ -38,4 +38,9 @@ public class EAAFIDPException extends EAAFException {  	} +	public EAAFIDPException(String msg, Object[] params) { +		super(msg, params); +		 +	} +	  } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java index d87af4d1..626cbea7 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java @@ -33,10 +33,10 @@ public class UnavailableAttributeException extends AttributeBuilderException {  	 */  	private static final long serialVersionUID = -1114323185905118432L; -	private String attributeName; +	private final String attributeName;  	public UnavailableAttributeException(String attributeName) { -		super("Attribute " + attributeName + " is not available."); +		super(attributeName);  		this.attributeName = attributeName;  	} 
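Review bot: The meaning of the constructor parameter of AttributeBuilderException changes from a free-text message to an attribute name that is passed as the parameter of error code `builder.12`, but the signature stays `(String)`, so any other caller or subclass still passing a message compiles unchanged and now produces a `builder.12` error with that message as the attribute name. The visible UnavailableAttributeException subclass is adapted in this merge; other subclasses outside this diff may not be. A Javadoc line makes the new contract explicit: `@param attrName name of the attribute that could not be built; reported via error code builder.12`.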
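Review bot: The new `EAAFIDPException(String msg, Object[] params)` constructor names its first parameter `msg`, but the only call site in this diff passes the error code `"builder.12"`, and EAAFException exposes it as `getErrorId()` (see the AuthenticationAction catch block). Renaming it to `errorId` and adding a short Javadoc avoids misleading the next caller into passing a literal message: `@param errorId error code resolved against the message bundle` and `@param params positional parameters for that message, may be {@code null}`.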
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java index b0949cd3..dfcaaf5a 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java @@ -183,7 +183,7 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl  		//String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);		  		final String spSpecificVDAEndpoints = null; -		final Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); +		final Map<String, String> endPointMap = authConfig.getBasicConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);  		if (StringUtils.isNotEmpty(spSpecificVDAEndpoints)) {  			endPointMap.putAll(KeyValueUtils.convertListToMap(  							KeyValueUtils.getListOfCSVValues( diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java index a377a4c0..5abbd543 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java 
@@ -100,10 +100,10 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask  				//validate signature  				final VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(  						sl20ReqObj, joseTools,  -						authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); +						authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));  				if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) { -					if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { +					if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {  						log.info("SL20 result from VDA was not valid signed");  						throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."}); diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java new file mode 100644 index 00000000..9548d96b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java @@ -0,0 +1,20 @@ +package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data; + +import java.io.InputStream; +import java.util.Map; + +/** + * Inject additional XML schemes into MOA-Sig + *  + * @author tlenz + * + */ +public interface ISchemaRessourceProvider { + +	/** +	 * Get a Map of additional XML schemes that should be injected into MOA-Sig  +	 *  +	 * @return A Set of {@link Entry} consist of Name of the Scheme and XML scheme as {@link InputStream}   +	 */ +	public Map<String, InputStream> getSchemas(); +} 
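Review bot: The new ISchemaRessourceProvider interface does not say who owns the `InputStream` values of the returned map, and the consumer added in AbstractSignatureService in this merge never closes them, so the contract must be settled in one place. Also `{@link Entry}` in the `@return` tag cannot be resolved because the file imports only `java.io.InputStream` and `java.util.Map`; use `{@link java.util.Map.Entry}` or plain text. Suggested `@return`: `a map from schema name to an open {@link InputStream} of the XML schema; the caller reads and closes each stream, never {@code null} (return an empty map when there is nothing to inject)`.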
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java index fe99e328..d796c165 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java @@ -1,7 +1,11 @@  package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; +import java.io.IOException; +import java.io.InputStream;  import java.security.Provider;  import java.security.Security; +import java.util.Iterator; +import java.util.Map.Entry;  import javax.annotation.PostConstruct;  import javax.xml.parsers.DocumentBuilder; @@ -10,13 +14,16 @@ import javax.xml.parsers.ParserConfigurationException;  import org.slf4j.Logger;  import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired;  import org.w3c.dom.Document; +import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ISchemaRessourceProvider;  import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceConfigurationException;  import at.gv.egovernment.moa.spss.MOAException;  import at.gv.egovernment.moa.spss.api.Configurator;  import at.gv.egovernment.moaspss.logging.LoggingContext;  import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import at.gv.egovernment.moaspss.util.DOMUtils;  import iaik.asn1.structures.AlgorithmID;  import iaik.security.ec.provider.ECCelerate;  import iaik.security.provider.IAIK; 
@@ -25,6 +32,7 @@ public abstract class AbstractSignatureService {  	private static final Logger log = LoggerFactory.getLogger(AbstractSignatureService.class);  	private static boolean isMOASigInitialized = false; +	@Autowired(required=false) ISchemaRessourceProvider[] schemas;  	@PostConstruct  	private synchronized void initialize() throws MOASigServiceConfigurationException { @@ -66,6 +74,30 @@ public abstract class AbstractSignatureService {  	        } +	         +	        //Inject additional XML schemes +	        if (schemas != null && schemas.length > 0) { +	        	log.debug("Infjecting additional XML schemes ... "); +	        	for (final ISchemaRessourceProvider el : schemas) { +	        		final Iterator<Entry<String, InputStream>> xmlSchemeIt = el.getSchemas().entrySet().iterator(); +	        		while (xmlSchemeIt.hasNext()) { +						final Entry<String, InputStream> xmlDef = xmlSchemeIt.next(); +						try { +							DOMUtils.addSchemaToPool(xmlDef.getValue(), xmlDef.getKey()); +							log.info("Inject XML scheme: {}", xmlDef.getKey()); +							 +						} catch (final IOException e) { +							log.warn("Can NOT inject XML scheme: " + xmlDef.getKey(), e); +							 +						} +						 +					}	        			        		 +	        	} +	        	 +	        } else +	        	log.trace("No additional XML schemes to inject. Skip this feature"); +	         +	          	        isMOASigInitialized = true;  		} else diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java index 1608490d..ca20ce0f 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java 
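Review bot: The `InputStream` taken from `xmlDef.getValue()` in the new schema-injection loop of AbstractSignatureService.initialize is never closed, neither on the success path nor in the `IOException` branch, so every injected schema leaks a stream (or file handle, depending on what the provider backs it with) for the lifetime of the process. Assuming `DOMUtils.addSchemaToPool` consumes the stream synchronously — its implementation is not visible here — a try-with-resources around the call fixes that and also lets the warning use a parameterized message instead of string concatenation. The `else` without braces and the "Infjecting" typo in the debug message are minor style points in the same block. The enclosing `initialize()` method starts before and ends after this hunk.
```java
// … unchanged: null/empty check on schemas and the for-loop over ISchemaRessourceProvider …
final Entry<String, InputStream> xmlDef = xmlSchemeIt.next();
// close the provider-supplied stream once the schema has been pooled
try (InputStream schemaStream = xmlDef.getValue()) {
    DOMUtils.addSchemaToPool(schemaStream, xmlDef.getKey());
    log.info("Inject XML scheme: {}", xmlDef.getKey());
} catch (final IOException e) {
    log.warn("Can NOT inject XML scheme: {}", xmlDef.getKey(), e);
}
```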
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java @@ -221,12 +221,12 @@ public class SignatureVerificationService extends AbstractSignatureService imple  			verifySignatureLocationElem.appendChild(signatureLocation);        			// signature manifest params -			final Element signatureManifestCheckParamsElem = requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); -			requestElem_.appendChild(signatureManifestCheckParamsElem); -			signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); +			if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) {				 +				final Element signatureManifestCheckParamsElem = requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); +				requestElem_.appendChild(signatureManifestCheckParamsElem); +				signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); -			//verify transformations -			if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) { +				//verify transformations			  				final Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");  				signatureManifestCheckParamsElem.appendChild(referenceInfoElem);  				for (final String element : verifyTransformsInfoProfileID) { diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml index e5cc555a..ae942318 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml @@ -62,6 +62,11 @@  	    <artifactId>xmlsec</artifactId>    	</dependency>    	<dependency> +    	<groupId>org.bouncycastle</groupId> +    	<artifactId>bcprov-jdk15on</artifactId> +	</dependency> +  	 +  	<dependency>      	<groupId>org.owasp.esapi</groupId>      	<artifactId>esapi</artifactId>  	</dependency>  	 
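Review bot: Moving the creation of `SignatureManifestCheckParams` into the `if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty())` branch in SignatureVerificationService means requests without a transform profile no longer carry that element at all, whereas before they always did; if MOA-SPSS treats the element's presence as the switch for the signature-manifest check (I cannot confirm that from this hunk), such requests now skip that check silently. That is a verification-strength decision and should be stated at the branch rather than left implicit: `// No transform profiles configured: omit SignatureManifestCheckParams entirely, so MOA-SPSS performs no signature-manifest check for this request`. The enclosing method continues outside the hunk on both sides.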
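Review bot: The new `org.bouncycastle:bcprov-jdk15on` dependency in eaaf_module_pvp2_core/pom.xml has no visible consumer — none of the Java changes in this diff import `org.bouncycastle` — so it is not clear whether it is needed by this module's own code or pulled in for a transitive user such as xmlsec. A cryptographic provider on the classpath is a supply-chain item reviewers will ask about later, so a short XML comment next to the dependency naming what requires it would help: `<!-- required by: TODO name the component that needs the BC provider -->`. If nothing in the module needs it, the dependency should be dropped rather than kept speculatively.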
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java index 4ec7cf99..cbbed659 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java 
@@ -90,31 +90,32 @@ public class AuthenticationAction implements IAction {  	} +	@Override  	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,  			HttpServletResponse httpResp, IAuthData authData) throws ResponderErrorException {		 -		PVPSProfilePendingRequest pvpRequest = (PVPSProfilePendingRequest) req; +		final PVPSProfilePendingRequest pvpRequest = (PVPSProfilePendingRequest) req;  		try {  			//get basic information  -			PVPSProfileRequest moaRequest = (PVPSProfileRequest) pvpRequest.getRequest(); -			AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest(); -			EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);		 +			final PVPSProfileRequest moaRequest = (PVPSProfileRequest) pvpRequest.getRequest(); +			final AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest(); +			final EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);		 -			AssertionConsumerService consumerService =  +			final AssertionConsumerService consumerService =   					SAML2Utils.createSAMLObject(AssertionConsumerService.class);  			consumerService.setBinding(pvpRequest.getBinding());  			consumerService.setLocation(pvpRequest.getConsumerURL()); -			DateTime date = new DateTime();		  -			SLOInformationImpl sloInformation = new SLOInformationImpl(); -			String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pvpRequest.getAuthURL()); +			final DateTime date = new DateTime();		  +			final SLOInformationImpl sloInformation = new SLOInformationImpl(); +			final String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pvpRequest.getAuthURL());  			//build Assertion -			Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData,  +			final Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData,   					peerEntity, date, consumerService, sloInformation); -			Response authResponse = 
AuthResponseBuilder.buildResponse( +			final Response authResponse = AuthResponseBuilder.buildResponse(  					metadataProvider, issuerEntityID, authnRequest,  -					date, assertion, authConfig.getBasicMOAIDConfigurationBoolean( +					date, assertion, authConfig.getBasicConfigurationBoolean(  							CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION, true));  			IEncoder binding = null; @@ -148,11 +149,11 @@ public class AuthenticationAction implements IAction {  			 log.warn("Message Encoding exception", e);  			throw new ResponderErrorException("pvp2.01", null, e); -		} catch (EAAFException e) { +		} catch (final EAAFException e) {  			 log.info("Response generation error: Msg: ", e.getMessage());  			throw new ResponderErrorException(e.getErrorId(), e.getParams(), e); -		} catch (Exception e) { +		} catch (final Exception e) {  			 log.warn("Response generation error", e);  			throw new ResponderErrorException("pvp2.01", null, e); @@ -160,11 +161,13 @@ public class AuthenticationAction implements IAction {  	} +	@Override  	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,  			HttpServletResponse httpResp) {  		return true;  	} +	@Override  	public String getDefaultActionName() {  		return "PVPAuthenticationRequestAction"; @@ -50,7 +50,8 @@        	<org.opensaml.version>2.6.6</org.opensaml.version>  		<org.opensaml.xmltooling.version>1.4.6</org.opensaml.xmltooling.version>  		<org.opensaml.openws.version>1.5.6</org.opensaml.openws.version> -		<org.apache.santuario.xmlsec.version>2.1.2</org.apache.santuario.xmlsec.version> +		<org.apache.santuario.xmlsec.version>2.1.3</org.apache.santuario.xmlsec.version> +		<org.bouncycastle.bcprov-jdk15on.version>1.61</org.bouncycastle.bcprov-jdk15on.version>  		<org.owasp.esapi.version>2.1.0.1</org.owasp.esapi.version>      	      		  		    		<surefire.version>2.22.0</surefire.version>	    		<org.slf4j.version>1.7.25</org.slf4j.version> 
@@ -310,6 +311,12 @@  	    		<version>${org.apache.santuario.xmlsec.version}</version>  			</dependency>  			<dependency> +   			<groupId>org.bouncycastle</groupId> +    			<artifactId>bcprov-jdk15on</artifactId> +    			<version>${org.bouncycastle.bcprov-jdk15on.version}</version> +			</dependency> +			 +			<dependency>  				<groupId>org.owasp.esapi</groupId>      			<artifactId>esapi</artifactId>      			<version>${org.owasp.esapi.version}</version> | 
