summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java178
1 files changed, 178 insertions, 0 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java
new file mode 100644
index 00000000..69b94255
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.impl.data.Triple;
+
+import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
+import org.apache.xml.security.signature.XMLSignature;
+import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
+
+import com.google.common.collect.ImmutableMap;
+
+public interface PvpConstants extends PvpAttributeDefinitions {
+ // module configuration parameters
+ String CONFIG_PROP_SEC_SIGNING_RSA_ALG = "pvp2.security.alg.signing.rsa";
+ String CONFIG_PROP_SEC_SIGNING_EC_ALG = "pvp2.security.alg.signing.ec";
+ String CONFIG_PROP_SEC_ENCRYPTION_DATA = "pvp2.security.alg.enc.data";
+ String CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG = "pvp2.security.alg.enc.key.rsa";
+ String CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG = "pvp2.security.alg.enc.key.ec";
+ String CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION = "pvp2.assertion.encryption.active";
+
+ // Default values
+ String DEFAULT_SIGNING_METHODE_RSA =
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
+ String DEFAULT_SIGNING_METHODE_EC =
+ SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256;
+
+ String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
+
+ String DEFAULT_SYM_ENCRYPTION_METHODE =
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM;
+ String DEFAULT_ASYM_ENCRYPTION_METHODE_RSA =
+ EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
+ String DEFAULT_ASYM_ENCRYPTION_METHODE_EC =
+ EncryptionConstants.ALGO_ID_KEYAGREEMENT_DH;
+
+ // PVP entity categories
+ String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category";
+ String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken";
+ String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken";
+
+ @Deprecated
+ String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
+
+ String REDIRECT = "Redirect";
+ String POST = "Post";
+ String SOAP = "Soap";
+ String METADATA = "Metadata";
+ String ATTRIBUTEQUERY = "AttributeQuery";
+ String SINGLELOGOUT = "SingleLogOut";
+
+ /**
+ * Get required PVP attributes for egovtoken First : PVP attribute name (OID)
+ * Second: FriendlyName Third: Required.
+ *
+ */
+ List<Triple<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES =
+ Collections.unmodifiableList(new ArrayList<Triple<String, String, Boolean>>() {
+ private static final long serialVersionUID = 1L;
+
+ {
+ // currently supported attributes
+ add(Triple.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
+ add(Triple.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
+
+ // currently not supported attributes
+ add(Triple.newInstance(USERID_NAME, USERID_FRIENDLY_NAME, false));
+ add(Triple.newInstance(GID_NAME, GID_FRIENDLY_NAME, false));
+ add(Triple.newInstance(PARTICIPANT_ID_NAME, PARTICIPANT_ID_FRIENDLY_NAME, false));
+ add(Triple.newInstance(OU_GV_OU_ID_NAME, OU_GV_OU_ID_FRIENDLY_NAME, false));
+ add(Triple.newInstance(OU_NAME, OU_FRIENDLY_NAME, false));
+ add(Triple.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false));
+
+ }
+ });
+
+ /**
+ * Get required PVP attributes for citizenToken First : PVP attribute name (OID)
+ * Second: FriendlyName Third: Required.
+ *
+ */
+ List<Triple<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES =
+ Collections.unmodifiableList(new ArrayList<Triple<String, String, Boolean>>() {
+ private static final long serialVersionUID = -5947165770657082581L;
+
+ {
+ // required attributes - eIDAS minimal-data set
+ add(Triple.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
+ add(Triple.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
+ add(Triple.newInstance(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true));
+ add(Triple.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true));
+ add(Triple.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true));
+
+ // not required attributes
+ add(Triple.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
+ EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false));
+ add(Triple.newInstance(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false));
+ add(Triple.newInstance(EID_SECTOR_FOR_IDENTIFIER_NAME,
+ EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false));
+ add(Triple.newInstance(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
+ add(Triple.newInstance(MANDATE_TYPE_OID_NAME, MANDATE_TYPE_OID_FRIENDLY_NAME, false));
+ add(Triple.newInstance(MANDATE_LEG_PER_SOURCE_PIN_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
+ add(Triple.newInstance(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
+ add(Triple.newInstance(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME,
+ false));
+ add(Triple.newInstance(MANDATE_NAT_PER_GIVEN_NAME_NAME,
+ MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
+ add(Triple.newInstance(MANDATE_NAT_PER_FAMILY_NAME_NAME,
+ MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
+ add(Triple.newInstance(MANDATE_NAT_PER_BIRTHDATE_NAME,
+ MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
+ add(Triple.newInstance(MANDATE_LEG_PER_FULL_NAME_NAME,
+ MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
+ add(Triple.newInstance(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME,
+ false));
+ add(Triple.newInstance(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
+ false));
+ add(Triple.newInstance(MANDATE_REFERENCE_VALUE_NAME,
+ MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
+
+ }
+ });
+
+ // constants for requested SAML2 attribtes by using own namespace
+ String EIDAT10_SAML_NS = "http://eid.gv.at/eID/attributes/saml-extensions";
+ String EIDAT10_PREFIX = "eid";
+
+ QName EIDAS_REQUESTED_ATTRIBUTE_VALUE_TYPE =
+ new QName(EIDAT10_SAML_NS, "AttributeValue", EIDAT10_PREFIX);
+
+ ImmutableMap<String, String> SIGNATURE_TO_DIGEST_ALGORITHM_MAP =
+ ImmutableMap.<String, String>builder()
+ .put(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256, SignatureConstants.ALGO_ID_DIGEST_SHA256)
+ .put(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA384, SignatureConstants.ALGO_ID_DIGEST_SHA384)
+ .put(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512, SignatureConstants.ALGO_ID_DIGEST_SHA512)
+ .put(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256, SignatureConstants.ALGO_ID_DIGEST_SHA256)
+ .put(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA384, SignatureConstants.ALGO_ID_DIGEST_SHA384)
+ .put(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA512, SignatureConstants.ALGO_ID_DIGEST_SHA512)
+ .put(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256_MGF1, SignatureConstants.ALGO_ID_DIGEST_SHA256)
+ .put(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384_MGF1, SignatureConstants.ALGO_ID_DIGEST_SHA384)
+ .put(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512_MGF1, SignatureConstants.ALGO_ID_DIGEST_SHA512)
+ .put(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_256_MGF1,
+ MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA3_256)
+ .put(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_384_MGF1,
+ MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA3_384)
+ .put(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_512_MGF1,
+ MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA3_512)
+
+ .build();
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-14 02:38:13 +0000