summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-19 08:55:49 +0200
committerChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-19 08:55:49 +0200
commit1bad320e50f66e44fcb23f0c8d242809f8077520 (patch)
tree2c65c6f9ca55c95c2327bdd39474cfab35f73d46
parent5d306c41c0033f330413cf2b18db9f1137d51980 (diff)
parent470ac2c6234a0bac1e973fd3c1f49e1d9da41be4 (diff)
downloadEAAF-Components-1bad320e50f66e44fcb23f0c8d242809f8077520.tar.gz
EAAF-Components-1bad320e50f66e44fcb23f0c8d242809f8077520.tar.bz2
EAAF-Components-1bad320e50f66e44fcb23f0c8d242809f8077520.zip
Merge branch 'master' into moa-sig-dependency-fixup
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java13
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java4
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java121
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java3
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java35
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java44
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java69
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java80
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java47
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java28
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java21
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java2
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java4
-rw-r--r--eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder4
-rw-r--r--eaaf_core/src/main/resources/eaaf_core.beans.xml3
-rw-r--r--eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java39
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java24
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java32
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java45
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java4
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java5
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java4
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java2
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java4
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java20
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java32
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java10
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/pom.xml5
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java29
-rw-r--r--pom.xml9
30 files changed, 646 insertions, 96 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java
index 51b4e0b4..c9c2ec0b 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java
@@ -103,9 +103,9 @@ public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilder
@Override
public final Map<String, Object> getViewParameters() {
//set generic parameters
- setViewParameter(PARAM_GROUP_FORM, PARAM_AUTHCONTEXT, this.authURL);
- setViewParameter(PARAM_GROUP_FORM, PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint);
- setViewParameter(PARAM_GROUP_FORM, PARAM_VIEWNAME, this.viewName);
+ setViewParameter(getFromGroup(), PARAM_AUTHCONTEXT, this.authURL);
+ setViewParameter(getFromGroup(), PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint);
+ setViewParameter(getFromGroup(), PARAM_VIEWNAME, this.viewName);
//get parameters from detail implementation
putSpecificViewParameters();
@@ -126,6 +126,13 @@ public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilder
*
*/
abstract protected void putSpecificViewParameters();
+
+ /**
+ * Get the Group for generic form elements
+ *
+ * @return groupName or <code>null</code> if no groups are used
+ */
+ abstract protected String getFromGroup();
@SuppressWarnings("unchecked")
protected void setViewParameter(String group, String key, Object value) {
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java
index 65e13b5a..b9c16538 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java
@@ -77,7 +77,7 @@ public abstract class AbstractVelocityGUIFormBuilderImpl implements IVelocityGui
public final void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGUIBuilderConfiguration config,
String loggerName) throws GUIBuildException {
if (config instanceof IVelocityGUIBuilderConfiguration)
- build(httpReq, httpResp, config, loggerName);
+ build(httpReq, httpResp, (IVelocityGUIBuilderConfiguration)config, loggerName);
else
throw new IllegalStateException(this.getClass().getName() + " needs a " + IVelocityGUIBuilderConfiguration.class.getName());
@@ -88,7 +88,7 @@ public abstract class AbstractVelocityGUIFormBuilderImpl implements IVelocityGui
public final void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGUIBuilderConfiguration config,
String contentType, String loggerName) throws GUIBuildException {
if (config instanceof IVelocityGUIBuilderConfiguration)
- build(httpReq, httpResp, config, loggerName);
+ build(httpReq, httpResp, (IVelocityGUIBuilderConfiguration)config, contentType, loggerName);
else
throw new IllegalStateException(this.getClass().getName() + " needs a " + IVelocityGUIBuilderConfiguration.class.getName());
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java
new file mode 100644
index 00000000..86728c05
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java
@@ -0,0 +1,121 @@
+package at.gv.egiz.eaaf.core.impl.idp;
+
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.lang.NonNull;
+import org.springframework.util.Assert;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES;
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
+
+public class EidAuthenticationData extends AuthenticationData implements IEidAuthData {
+ private static final Logger log = LoggerFactory.getLogger(EidAuthenticationData.class);
+
+
+ private static final long serialVersionUID = -7106142572904327044L;
+
+ private byte[] eIDToken;
+ private byte[] signerCertificate;
+ private EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus;
+ private String vdaEndpointUrl;
+ private boolean useMandate = false;
+
+ @Override
+ public byte[] getSignerCertificate() {
+ return this.signerCertificate;
+ }
+
+ @Override
+ public byte[] getEIDToken() {
+ return this.eIDToken;
+ }
+
+ @Override
+ public EID_IDENTITY_STATUS_LEVEL_VALUES getEIDStatus() {
+ return this.eidStatus;
+
+ }
+
+ @Override
+ public boolean isUseMandate() {
+ return useMandate;
+ }
+
+ @Override
+ public String getVdaEndPointUrl() {
+ return vdaEndpointUrl;
+
+ }
+
+ /**
+ * Set the status of the E-ID identity
+ *
+ * @param eidStatus
+ */
+ public void setEidStatus(EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus) {
+ this.eidStatus = eidStatus;
+ }
+
+ /**
+ * Set Online IdentityLink to AuthenticationData
+ *
+ * @param eIDToken
+ */
+ public void seteIDToken(final byte[] eIDToken) {
+ this.eIDToken = eIDToken;
+
+ }
+
+ /**
+ * Set the signing certificate that was used to sign the user consent
+ *
+ * @param signerCertificate
+ */
+ public void setSignerCertificate(@NonNull final X509Certificate signerCertificate) {
+ Assert.notNull(signerCertificate, "Signer certificate is null");
+ try {
+ this.signerCertificate = signerCertificate.getEncoded();
+
+ } catch (final CertificateEncodingException e) {
+ log.warn("Can NOT serialized signer-certificate", e);
+ log.warn("Signer certificate will be ignored");
+
+ }
+ }
+
+ /**
+ * Set the signing certificate that was used to sign the user consent
+ *
+ * @param signerCertificate
+ */
+ public void setSignerCertificate(final byte[] signerCertificate) {
+ this.signerCertificate = signerCertificate;
+
+ }
+
+ /**
+ * Set flag that mandates are used in this process
+ *
+ * @param useMandate true if mandates was used, otherwise false
+ */
+ public void setUseMandate(boolean useMandate) {
+ this.useMandate = useMandate;
+ }
+
+
+ /**
+ * Set URL of the EndPoint that was used on VDA for authentication
+ *
+ * @param vdaEndpointUrl
+ */
+ public void setVdaEndpointUrl(String vdaEndpointUrl) {
+ this.vdaEndpointUrl = vdaEndpointUrl;
+ }
+
+
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
index 2482d65f..47b1ecf9 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
@@ -172,7 +172,6 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
internalAuthData.setDateOfBirth(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.BIRTHDATE_NAME, String.class));
internalAuthData.setEncSourceId(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_NAME, String.class));
internalAuthData.setEncSourceIdType(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_TYPE_NAME, String.class));
-
//####################################################
//set QAA level
@@ -574,7 +573,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
* but there it is not neccesary. We fix this problem in 3.4.3, but the fix can be deactivated
* for dependency reasons.
*/
- if (basicConfig.getBasicMOAIDConfigurationBoolean(CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING, false)) {
+ if (basicConfig.getBasicConfigurationBoolean(CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING, false)) {
authData.setGivenName(identityLink.getGivenName().replaceAll("'", "&#39;"));
authData.setFamilyName(identityLink.getFamilyName().replaceAll("'", "&#39;"));
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index 6f416414..0aa7ff89 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -48,7 +48,7 @@ import at.gv.egiz.eaaf.core.api.IStatusMessenger;
import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory;
-import at.gv.egiz.eaaf.core.api.gui.ISpringMVCGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
import at.gv.egiz.eaaf.core.api.idp.IAction;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
@@ -83,7 +83,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
@Autowired(required=true) private ITransactionStorage transactionStorage;
@Autowired(required=true) private IAuthenticationManager authmanager;
@Autowired(required=true) private IAuthenticationDataBuilder authDataBuilder;
- @Autowired(required=true) private ISpringMVCGUIFormBuilder guiBuilder;
@Autowired(required=true) private IGUIBuilderConfigurationFactory guiConfigFactory;
@Autowired(required=true) private IStatusMessenger statusMessager;
@Autowired(required=true) private IRequestStorage requestStorage;
@@ -93,6 +92,9 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
@Autowired private IStatisticLogger statisticLogger;
@Autowired private IRevisionLogger revisionsLogger;
+
+ private IGUIFormBuilder guiBuilder;
+
/* (non-Javadoc)
* @see at.gv.egiz.eaaf.core.impl.idp.auth.services.IProtocolAuthenticationService#performAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egiz.eaaf.core.api.IRequest)
*/
@@ -257,6 +259,11 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
}
+
+ public void setGuiBuilder(IGUIFormBuilder guiBuilder) {
+ this.guiBuilder = guiBuilder;
+ }
+
/**
* Finalize the requested protocol operation
*
@@ -366,16 +373,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
}
}
- private void writeBadRequestErrorResponse(final HttpServletRequest req, final HttpServletResponse resp, final EAAFException e) throws IOException {
- final String code = statusMessager.mapInternalErrorToExternalError(((InvalidProtocolRequestException)e).getErrorId());
- final String descr = StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(e.getMessage()));
- resp.setContentType(EAAFConstants.CONTENTTYPE_HTML_UTF8);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
- "(Errorcode=" + code +
- " | Description=" + descr + ")");
-
- }
-
private void writeHTMLErrorResponse(@NonNull final HttpServletRequest httpReq, @NonNull final HttpServletResponse httpResp,
@NonNull final String msg, @NonNull final String errorCode, @Nullable final Object[] params, @NonNull final Exception error) throws IOException, EAAFException {
@@ -457,11 +454,21 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
statisticLogger.logErrorOperation(ex, ex.getErrorRequest());
//write error message
- writeBadRequestErrorResponse(req, resp, (EAAFException) e);
+ //writeBadRequestErrorResponse(req, resp, (EAAFException) e);
+ writeHTMLErrorResponse(req, resp,
+ e.getMessage(),
+ statusMessager.getResponseErrorCode(e),
+ null,
+ e);
} else if (e instanceof InvalidProtocolRequestException) {
//send error response
- writeBadRequestErrorResponse(req, resp, (EAAFException) e);
+ //writeBadRequestErrorResponse(req, resp, (EAAFException) e);
+ writeHTMLErrorResponse(req, resp,
+ e.getMessage(),
+ statusMessager.getResponseErrorCode(e),
+ null,
+ e);
} else if (e instanceof ConfigurationException) {
//send HTML formated error message
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java
new file mode 100644
index 00000000..ec0f5d0c
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java
@@ -0,0 +1,44 @@
+package at.gv.egiz.eaaf.core.impl.idp.builder.attributes;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+
+@PVPMETADATA
+public class EIDCcsURL implements IPVPAttributeBuilder {
+ private static final Logger log = LoggerFactory.getLogger(EID_CCS_URL_NAME);
+
+ @Override
+ public String getName() {
+ return EID_CCS_URL_NAME;
+ }
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+ if (authData instanceof IEidAuthData) {
+ final String bkuurl = ((IEidAuthData)authData).getVdaEndPointUrl();
+ if (StringUtils.isNotEmpty(bkuurl))
+ return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl);
+
+
+ } else
+ log.info(EID_CCS_URL_FRIENDLY_NAME + " is only available in MOA-ID context");
+
+ throw new UnavailableAttributeException(EID_CCS_URL_NAME);
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME);
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java
new file mode 100644
index 00000000..698393ea
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java
@@ -0,0 +1,69 @@
+/*******************************************************************************
+ * Copyright 2019 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp.builder.attributes;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.util.Base64Utils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+
+@PVPMETADATA
+public class EIDEIDTokenBuilder implements IPVPAttributeBuilder {
+ private static final Logger log = LoggerFactory.getLogger(EIDEIDTokenBuilder.class);
+
+
+ @Override
+ public String getName() {
+ return EID_E_ID_TOKEN_NAME;
+ }
+
+ @Override
+ public <ATT> ATT build(final ISPConfiguration oaParam, final IAuthData authData,
+ final IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+
+ if (authData instanceof IEidAuthData) {
+ if (((IEidAuthData)authData).getEIDToken() == null)
+ throw new UnavailableAttributeException(EID_E_ID_TOKEN_NAME);
+
+ return g.buildStringAttribute(EID_E_ID_TOKEN_FRIENDLY_NAME,
+ EID_E_ID_TOKEN_NAME, Base64Utils.encodeToString(((IEidAuthData)authData).getEIDToken()));
+ } else
+ log.info(EID_E_ID_TOKEN_FRIENDLY_NAME + " is only available in AuthHandler context");
+
+ throw new UnavailableAttributeException(EID_E_ID_TOKEN_NAME);
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(EID_E_ID_TOKEN_FRIENDLY_NAME,
+ EID_E_ID_TOKEN_NAME);
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java
new file mode 100644
index 00000000..bab521b4
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java
@@ -0,0 +1,80 @@
+/*******************************************************************************
+ * Copyright 2019 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp.builder.attributes;
+
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.util.Base64Utils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+
+@PVPMETADATA
+public class EIDSignerCertificate implements IPVPAttributeBuilder {
+ private static final Logger log = LoggerFactory.getLogger(EIDSignerCertificate.class);
+
+ @Override
+ public String getName() {
+ return EID_SIGNER_CERTIFICATE_NAME;
+ }
+
+ @Override
+ public <ATT> ATT build(final ISPConfiguration oaParam, final IAuthData authData,
+ final IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+
+ if (authData instanceof IEidAuthData) {
+ try {
+
+ final byte[] signerCertificate = ((IEidAuthData)authData).getSignerCertificate();
+ if (signerCertificate != null) {
+ return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME,
+ Base64Utils.encodeToString(signerCertificate));
+
+ } else
+ log.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in MOA-ID context");
+
+ } catch (final Exception e) {
+ log.info("Signer certificate BASE64 encoding error");
+
+ }
+
+ } else
+ log.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in AuthHandler context");
+
+
+ throw new UnavailableAttributeException(EID_SIGNER_CERTIFICATE_NAME);
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME);
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java
new file mode 100644
index 00000000..6a8de559
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java
@@ -0,0 +1,47 @@
+package at.gv.egiz.eaaf.core.impl.idp.builder.attributes;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+
+@PVPMETADATA
+public class EidIdentityStatusLevelAttributeBuiler implements IPVPAttributeBuilder {
+ private static final Logger log = LoggerFactory.getLogger(EidIdentityStatusLevelAttributeBuiler.class);
+
+ @Override
+ public String getName() {
+ return EID_IDENTITY_STATUS_LEVEL_NAME;
+ }
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ if (authData instanceof IEidAuthData) {
+ if (((IEidAuthData)authData).getEIDStatus() == null)
+ throw new UnavailableAttributeException(getName());
+
+ return g.buildStringAttribute(getFriendlyName(),
+ getName(), ((IEidAuthData)authData).getEIDStatus().getURI());
+ } else
+ log.info(getFriendlyName() + " is only available in EAAF context");
+
+ throw new UnavailableAttributeException(getName());
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(getFriendlyName(), getName());
+ }
+
+ private String getFriendlyName() {
+ return EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME;
+ }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java
index af009b10..55662326 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java
@@ -158,19 +158,31 @@ public abstract class AbstractConfigurationImpl implements IExtendedConfiguratio
return defaultValue;
}
+
@Override
- public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) {
- return KeyValueUtils.getSubSetWithPrefix(KeyValueUtils.convertPropertiesToMap(properties), addPrefixToKey(prefix));
+ public Boolean getBasicConfigurationBoolean(String key) {
+ final String value = getBasicConfiguration(key);
+ if (value != null)
+ return Boolean.parseBoolean(value);
+ else
+ return null;
}
+
@Override
- public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) {
- final String value = getBasicConfiguration(key);
- if (StringUtils.isNotEmpty(value))
- return Boolean.valueOf(value.trim());
-
- return defaultValue;
+ public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) {
+ final Boolean result = getBasicConfigurationBoolean(key);
+ if (result != null)
+ return result;
+ else
+ return defaultValue;
+
+ }
+
+ @Override
+ public Map<String, String> getBasicConfigurationWithPrefix(String prefix) {
+ return KeyValueUtils.getSubSetWithPrefix(KeyValueUtils.convertPropertiesToMap(properties), addPrefixToKey(prefix));
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java
index 62245331..1a344feb 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java
@@ -88,7 +88,7 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat
}
@Override
- public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) {
+ public Map<String, String> getBasicConfigurationWithPrefix(String prefix) {
final Map<String, String> configProps = getPropertiesStartingWith((ConfigurableEnvironment) env, addPrefixToKey(prefix));
return KeyValueUtils.removePrefixFromKeys(configProps, addPrefixToKey(prefix) + ".");
@@ -96,17 +96,24 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat
}
@Override
- public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) {
- final String value = getBasicConfiguration(key);
+ public Boolean getBasicConfigurationBoolean(String key) {
+ final String value = getBasicConfiguration(key);
if (StringUtils.isNotEmpty(value))
return Boolean.valueOf(value.trim());
-
- return defaultValue;
-
+ else
+ return null;
}
-
@Override
+ public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) {
+ final Boolean value = getBasicConfigurationBoolean(key);
+ if (value != null)
+ return value;
+ else
+ return defaultValue;
+ }
+
+ @Override
public URI getConfigurationRootDirectory() {
try {
return new URI(env.getRequiredProperty(addPrefixToKey(PROP_CONFIG_ROOT_DIR)));
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java
index 1da8036c..5ad44801 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java
@@ -72,7 +72,7 @@ public abstract class AbstractController {
@Autowired protected IRevisionLogger revisionsLogger;
@ExceptionHandler({EAAFException.class})
- public void MOAIDExceptionHandler(final HttpServletRequest req, final HttpServletResponse resp, final Exception e) throws IOException {
+ public void EAAFExceptionHandler(final HttpServletRequest req, final HttpServletResponse resp, final Exception e) throws IOException {
try {
protAuthService.handleErrorNoRedirect(e, req, resp, true);
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
index a5b79f6a..926b2bd5 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
@@ -75,7 +75,7 @@ public class HttpClientFactory {
httpClientBuilder.setDefaultRequestConfig(requestConfig);
//set pool connection if requested
- if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ if (basicConfig.getBasicConfigurationBoolean(
PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE,
true)) {
final PoolingHttpClientConnectionManager pool = new PoolingHttpClientConnectionManager();
@@ -97,7 +97,7 @@ public class HttpClientFactory {
log.trace("Initializing SSL Context ... ");
final SSLContext sslContext = SSLContext.getDefault();
HostnameVerifier hostnameVerifier = null;
- if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ if (basicConfig.getBasicConfigurationBoolean(
PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL,
false)) {
hostnameVerifier = new NoopHostnameVerifier();
diff --git a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 2decf67c..7b977193 100644
--- a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -9,3 +9,7 @@ at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDeIDASQAALevelAttributeBuilde
at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder
at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder
at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDEIDTokenBuilder
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSignerCertificate
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDCcsURL \ No newline at end of file
diff --git a/eaaf_core/src/main/resources/eaaf_core.beans.xml b/eaaf_core/src/main/resources/eaaf_core.beans.xml
index e750a49f..27b0f381 100644
--- a/eaaf_core/src/main/resources/eaaf_core.beans.xml
+++ b/eaaf_core/src/main/resources/eaaf_core.beans.xml
@@ -12,9 +12,6 @@
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
- <bean id="eaafProtocolAuthenticationService"
- class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService" />
-
<bean id="httpClientFactory"
class="at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory" />
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java
index 880582cd..ffb921ce 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java
@@ -27,25 +27,11 @@ public class DummyConfiguration implements IConfiguration {
}
@Override
- public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) {
+ public Map<String, String> getBasicConfigurationWithPrefix(String prefix) {
// TODO Auto-generated method stub
return null;
}
-
- @Override
- public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) {
- if (AbstractAuthenticationDataBuilder.CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING.equals(key)) {
- if (isIDLEscapingEnabled == null)
- return defaultValue;
- else
- return isIDLEscapingEnabled;
-
- }
-
-
- return false;
- }
-
+
@Override
public ISPConfiguration getServiceProviderConfiguration(String uniqueID) throws EAAFConfigurationException {
// TODO Auto-generated method stub
@@ -74,4 +60,25 @@ public class DummyConfiguration implements IConfiguration {
public void setIsIDLEscapingEnabled(Boolean isIDLEscapingEnabled) {
this.isIDLEscapingEnabled = isIDLEscapingEnabled;
}
+
+ @Override
+ public Boolean getBasicConfigurationBoolean(String key) {
+ return null;
+
+ }
+
+ @Override
+ public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) {
+ if (AbstractAuthenticationDataBuilder.CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING.equals(key)) {
+ if (isIDLEscapingEnabled == null)
+ return defaultValue;
+ else
+ return isIDLEscapingEnabled;
+
+ }
+
+
+ return false;
+
+ }
}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java
index 2a92e5f3..e4ebe433 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java
@@ -133,6 +133,30 @@ public interface PVPAttributeDefinitions {
public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.108";
public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_EIDAS_QAA_LEVEL_OID;
public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-EIDAS-LEVEL";
+
+ public static final String EID_IDENTITY_STATUS_LEVEL_OID = "1.2.40.0.10.2.1.1.261.109";
+ public static final String EID_IDENTITY_STATUS_LEVEL_NAME = URN_OID_PREFIX + EID_IDENTITY_STATUS_LEVEL_OID;
+ public static final String EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME = "EID-IDENTITY-STATUS-LEVEL";
+ public enum EID_IDENTITY_STATUS_LEVEL_VALUES {
+ IDENTITY("http://eid.gv.at/eID/status/identity"),
+ TESTIDENTITY("http://eid.gv.at/eID/status/testidentity"),
+ SYSTEM("http://eid.gv.at/eID/status/system");
+
+ private final String uri;
+
+ private EID_IDENTITY_STATUS_LEVEL_VALUES(String uri) {
+ this.uri = uri;
+ }
+
+ /**
+ * Get the URI based status identifier of an E-ID
+ *
+ * @return
+ */
+ public String getURI() {
+ return this.uri;
+ }
+ };
public static final String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32";
public static final String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID;
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java
index eceec2a6..7d564b58 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java
@@ -57,27 +57,35 @@ public interface IConfiguration {
*/
public String getBasicConfiguration(final String key, final String defaultValue);
+
/**
- * Get a set of configuration values from file based configuration that starts with this prefix
- * <br><br>
- * <b>Important:</b> The configuration values must be of type String!
+ * Get a configuration value from file based configuration
*
- * @param prefix Prefix of the configuration key
- * @return Map<String, String> without prefix, but never null
+ * @param key configuration key
+ * @return configuration value as {@link Boolean.parseBoolean(value)} or <code>null</code> if key does not exist
*/
- public Map<String, String> getBasicMOAIDConfigurationWithPrefix(final String prefix);
-
+ public Boolean getBasicConfigurationBoolean(final String key);
/**
- * Get a boolean value from basic MOA-ID configuration file
+ * Get a configuration value from file based configuration
*
- * @param key Configuration key
- * @param defaultValue Default result
- * @return returns the value of the configuration key, or the default value if the key is not set
+ * @param key configuration key
+ * @param defaultValue Default value if no value with this key is found
+ * @return configuration value as {@link Boolean.parseBoolean(value)} or <code>defaultValue</code> if key does not exist
*/
- public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue);
+ public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue);
/**
+ * Get a set of configuration values from file based configuration that starts with this prefix
+ * <br><br>
+ * <b>Important:</b> The configuration values must be of type String!
+ *
+ * @param prefix Prefix of the configuration key
+ * @return Map<String, String> without prefix, but never null
+ */
+ public Map<String, String> getBasicConfigurationWithPrefix(final String prefix);
+
+ /**
* Get a configuration entry for a specific Service Provider
*
* @param uniqueID Unique identifier of the Service Provider
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java
new file mode 100644
index 00000000..74c84468
--- /dev/null
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java
@@ -0,0 +1,45 @@
+package at.gv.egiz.eaaf.core.api.idp;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+
+public interface IEidAuthData extends IAuthData {
+
+ /**
+ * Get the serialized signing certificate that was used to sign the consent
+ *
+ * @return
+ */
+ byte[] getSignerCertificate();
+
+
+ /**
+ * Get the serialized E-ID token that can be used to validate the Identity-Link
+ *
+ * @return
+ */
+ byte[] getEIDToken();
+
+
+ /**
+ * Get the status of the E-ID
+ *
+ * @return {@link PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES}
+ */
+ PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES getEIDStatus();
+
+
+ /**
+ * Get the URL of the VDA EndPoint, that was used for authentication
+ *
+ * @return
+ */
+ String getVdaEndPointUrl();
+
+
+ /**
+ * Flag that mandates are used
+ *
+ * @return true if mandates are used, otherwise false
+ */
+ boolean isUseMandate();
+}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java
index efeecbe5..f02b3bf6 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/AttributeBuilderException.java
@@ -30,8 +30,8 @@ public class AttributeBuilderException extends EAAFIDPException {
private static final long serialVersionUID = 1L;
- public AttributeBuilderException(String msg) {
- super(msg);
+ public AttributeBuilderException(String attrName) {
+ super("builder.12", new Object[] {attrName});
}
}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java
index 8af806d0..7f504a5a 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFIDPException.java
@@ -38,4 +38,9 @@ public class EAAFIDPException extends EAAFException {
}
+ public EAAFIDPException(String msg, Object[] params) {
+ super(msg, params);
+
+ }
+
}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java
index d87af4d1..626cbea7 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/UnavailableAttributeException.java
@@ -33,10 +33,10 @@ public class UnavailableAttributeException extends AttributeBuilderException {
*/
private static final long serialVersionUID = -1114323185905118432L;
- private String attributeName;
+ private final String attributeName;
public UnavailableAttributeException(String attributeName) {
- super("Attribute " + attributeName + " is not available.");
+ super(attributeName);
this.attributeName = attributeName;
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java
index b0949cd3..dfcaaf5a 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java
@@ -183,7 +183,7 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl
//String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);
final String spSpecificVDAEndpoints = null;
- final Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
+ final Map<String, String> endPointMap = authConfig.getBasicConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
if (StringUtils.isNotEmpty(spSpecificVDAEndpoints)) {
endPointMap.putAll(KeyValueUtils.convertListToMap(
KeyValueUtils.getListOfCSVValues(
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java
index a377a4c0..5abbd543 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java
@@ -100,10 +100,10 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
//validate signature
final VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(
sl20ReqObj, joseTools,
- authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
+ authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) {
- if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
+ if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
log.info("SL20 result from VDA was not valid signed");
throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."});
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java
new file mode 100644
index 00000000..9548d96b
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java
@@ -0,0 +1,20 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data;
+
+import java.io.InputStream;
+import java.util.Map;
+
+/**
+ * Inject additional XML schemes into MOA-Sig
+ *
+ * @author tlenz
+ *
+ */
+public interface ISchemaRessourceProvider {
+
+ /**
+ * Get a Map of additional XML schemes that should be injected into MOA-Sig
+ *
+ * @return A Set of {@link Entry} consist of Name of the Scheme and XML scheme as {@link InputStream}
+ */
+ public Map<String, InputStream> getSchemas();
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
index fe99e328..d796c165 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
@@ -1,7 +1,11 @@
package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl;
+import java.io.IOException;
+import java.io.InputStream;
import java.security.Provider;
import java.security.Security;
+import java.util.Iterator;
+import java.util.Map.Entry;
import javax.annotation.PostConstruct;
import javax.xml.parsers.DocumentBuilder;
@@ -10,13 +14,16 @@ import javax.xml.parsers.ParserConfigurationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
import org.w3c.dom.Document;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ISchemaRessourceProvider;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceConfigurationException;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.api.Configurator;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
+import at.gv.egovernment.moaspss.util.DOMUtils;
import iaik.asn1.structures.AlgorithmID;
import iaik.security.ec.provider.ECCelerate;
import iaik.security.provider.IAIK;
@@ -25,6 +32,7 @@ public abstract class AbstractSignatureService {
private static final Logger log = LoggerFactory.getLogger(AbstractSignatureService.class);
private static boolean isMOASigInitialized = false;
+ @Autowired(required=false) ISchemaRessourceProvider[] schemas;
@PostConstruct
private synchronized void initialize() throws MOASigServiceConfigurationException {
@@ -66,6 +74,30 @@ public abstract class AbstractSignatureService {
}
+
+ //Inject additional XML schemes
+ if (schemas != null && schemas.length > 0) {
+ log.debug("Infjecting additional XML schemes ... ");
+ for (final ISchemaRessourceProvider el : schemas) {
+ final Iterator<Entry<String, InputStream>> xmlSchemeIt = el.getSchemas().entrySet().iterator();
+ while (xmlSchemeIt.hasNext()) {
+ final Entry<String, InputStream> xmlDef = xmlSchemeIt.next();
+ try {
+ DOMUtils.addSchemaToPool(xmlDef.getValue(), xmlDef.getKey());
+ log.info("Inject XML scheme: {}", xmlDef.getKey());
+
+ } catch (final IOException e) {
+ log.warn("Can NOT inject XML scheme: " + xmlDef.getKey(), e);
+
+ }
+
+ }
+ }
+
+ } else
+ log.trace("No additional XML schemes to inject. Skip this feature");
+
+
isMOASigInitialized = true;
} else
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
index 1608490d..ca20ce0f 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
@@ -221,12 +221,12 @@ public class SignatureVerificationService extends AbstractSignatureService imple
verifySignatureLocationElem.appendChild(signatureLocation);
// signature manifest params
- final Element signatureManifestCheckParamsElem = requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
- requestElem_.appendChild(signatureManifestCheckParamsElem);
- signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
+ if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) {
+ final Element signatureManifestCheckParamsElem = requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+ requestElem_.appendChild(signatureManifestCheckParamsElem);
+ signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
- //verify transformations
- if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) {
+ //verify transformations
final Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
for (final String element : verifyTransformsInfoProfileID) {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
index e5cc555a..ae942318 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -62,6 +62,11 @@
<artifactId>xmlsec</artifactId>
</dependency>
<dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </dependency>
+
+ <dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
</dependency>
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
index 4ec7cf99..cbbed659 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -90,31 +90,32 @@ public class AuthenticationAction implements IAction {
}
+ @Override
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthData authData) throws ResponderErrorException {
- PVPSProfilePendingRequest pvpRequest = (PVPSProfilePendingRequest) req;
+ final PVPSProfilePendingRequest pvpRequest = (PVPSProfilePendingRequest) req;
try {
//get basic information
- PVPSProfileRequest moaRequest = (PVPSProfileRequest) pvpRequest.getRequest();
- AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
- EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);
+ final PVPSProfileRequest moaRequest = (PVPSProfileRequest) pvpRequest.getRequest();
+ final AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
+ final EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);
- AssertionConsumerService consumerService =
+ final AssertionConsumerService consumerService =
SAML2Utils.createSAMLObject(AssertionConsumerService.class);
consumerService.setBinding(pvpRequest.getBinding());
consumerService.setLocation(pvpRequest.getConsumerURL());
- DateTime date = new DateTime();
- SLOInformationImpl sloInformation = new SLOInformationImpl();
- String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pvpRequest.getAuthURL());
+ final DateTime date = new DateTime();
+ final SLOInformationImpl sloInformation = new SLOInformationImpl();
+ final String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pvpRequest.getAuthURL());
//build Assertion
- Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData,
+ final Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData,
peerEntity, date, consumerService, sloInformation);
- Response authResponse = AuthResponseBuilder.buildResponse(
+ final Response authResponse = AuthResponseBuilder.buildResponse(
metadataProvider, issuerEntityID, authnRequest,
- date, assertion, authConfig.getBasicMOAIDConfigurationBoolean(
+ date, assertion, authConfig.getBasicConfigurationBoolean(
CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION, true));
IEncoder binding = null;
@@ -148,11 +149,11 @@ public class AuthenticationAction implements IAction {
log.warn("Message Encoding exception", e);
throw new ResponderErrorException("pvp2.01", null, e);
- } catch (EAAFException e) {
+ } catch (final EAAFException e) {
log.info("Response generation error: Msg: ", e.getMessage());
throw new ResponderErrorException(e.getErrorId(), e.getParams(), e);
- } catch (Exception e) {
+ } catch (final Exception e) {
log.warn("Response generation error", e);
throw new ResponderErrorException("pvp2.01", null, e);
@@ -160,11 +161,13 @@ public class AuthenticationAction implements IAction {
}
+ @Override
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp) {
return true;
}
+ @Override
public String getDefaultActionName() {
return "PVPAuthenticationRequestAction";
diff --git a/pom.xml b/pom.xml
index 9e45d6b8..39b10ea3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -50,7 +50,8 @@
<org.opensaml.version>2.6.6</org.opensaml.version>
<org.opensaml.xmltooling.version>1.4.6</org.opensaml.xmltooling.version>
<org.opensaml.openws.version>1.5.6</org.opensaml.openws.version>
- <org.apache.santuario.xmlsec.version>2.1.2</org.apache.santuario.xmlsec.version>
+ <org.apache.santuario.xmlsec.version>2.1.3</org.apache.santuario.xmlsec.version>
+ <org.bouncycastle.bcprov-jdk15on.version>1.61</org.bouncycastle.bcprov-jdk15on.version>
<org.owasp.esapi.version>2.1.0.1</org.owasp.esapi.version>
<surefire.version>2.22.0</surefire.version>
<org.slf4j.version>1.7.25</org.slf4j.version>
@@ -310,6 +311,12 @@
<version>${org.apache.santuario.xmlsec.version}</version>
</dependency>
<dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <version>${org.bouncycastle.bcprov-jdk15on.version}</version>
+ </dependency>
+
+ <dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>${org.owasp.esapi.version}</version>