From 3be8b5c3c139ab75db4ae9ac927800505194d987 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 May 2019 13:57:17 +0200 Subject: add new attribute builder fix some injection and dependency problems --- .../gui/AbstractGUIFormBuilderConfiguration.java | 13 +++- .../gui/AbstractVelocityGUIFormBuilderImpl.java | 4 +- .../eaaf/core/impl/idp/EidAuthenticationData.java | 86 ++++++++++++++++++++++ .../builder/AbstractAuthenticationDataBuilder.java | 3 +- .../services/ProtocolAuthenticationService.java | 11 ++- .../idp/builder/attributes/EIDEIDTokenBuilder.java | 69 +++++++++++++++++ .../builder/attributes/EIDSignerCertificate.java | 80 ++++++++++++++++++++ .../EidIdentityStatusLevelAttributeBuiler.java | 47 ++++++++++++ .../impl/idp/conf/AbstractConfigurationImpl.java | 28 +++++-- .../conf/AbstractSpringBootConfigurationImpl.java | 21 ++++-- .../eaaf/core/impl/utils/HttpClientFactory.java | 4 +- .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 3 + eaaf_core/src/main/resources/eaaf_core.beans.xml | 3 - .../impl/idp/module/test/DummyConfiguration.java | 39 ++++++---- .../core/api/data/PVPAttributeDefinitions.java | 24 ++++++ .../gv/egiz/eaaf/core/api/idp/IConfiguration.java | 32 +++++--- .../at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java | 29 ++++++++ .../tasks/AbstractCreateQualeIDRequestTask.java | 2 +- .../sl20/tasks/AbstractReceiveQualeIDTask.java | 4 +- eaaf_modules/eaaf_module_pvp2_core/pom.xml | 5 ++ .../pvp2/idp/impl/AuthenticationAction.java | 29 ++++---- pom.xml | 9 ++- 22 files changed, 471 insertions(+), 74 deletions(-) create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java index 51b4e0b4..c9c2ec0b 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java @@ -103,9 +103,9 @@ public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilder @Override public final Map getViewParameters() { //set generic parameters - setViewParameter(PARAM_GROUP_FORM, PARAM_AUTHCONTEXT, this.authURL); - setViewParameter(PARAM_GROUP_FORM, PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint); - setViewParameter(PARAM_GROUP_FORM, PARAM_VIEWNAME, this.viewName); + setViewParameter(getFromGroup(), PARAM_AUTHCONTEXT, this.authURL); + setViewParameter(getFromGroup(), PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint); + setViewParameter(getFromGroup(), PARAM_VIEWNAME, this.viewName); //get parameters from detail implementation putSpecificViewParameters(); @@ -126,6 +126,13 @@ public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilder * */ abstract protected void putSpecificViewParameters(); + + /** + * Get the Group for generic form elements + * + * @return groupName or null if no groups are used + */ + abstract protected String getFromGroup(); @SuppressWarnings("unchecked") protected void setViewParameter(String group, String key, Object value) { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java index 65e13b5a..b9c16538 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java @@ -77,7 +77,7 @@ public abstract class AbstractVelocityGUIFormBuilderImpl implements IVelocityGui public final void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException { if (config instanceof IVelocityGUIBuilderConfiguration) - build(httpReq, httpResp, config, loggerName); + build(httpReq, httpResp, (IVelocityGUIBuilderConfiguration)config, loggerName); else throw new IllegalStateException(this.getClass().getName() + " needs a " + IVelocityGUIBuilderConfiguration.class.getName()); @@ -88,7 +88,7 @@ public abstract class AbstractVelocityGUIFormBuilderImpl implements IVelocityGui public final void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGUIBuilderConfiguration config, String contentType, String loggerName) throws GUIBuildException { if (config instanceof IVelocityGUIBuilderConfiguration) - build(httpReq, httpResp, config, loggerName); + build(httpReq, httpResp, (IVelocityGUIBuilderConfiguration)config, contentType, loggerName); else throw new IllegalStateException(this.getClass().getName() + " needs a " + IVelocityGUIBuilderConfiguration.class.getName()); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java new file mode 100644 index 00000000..71ee0172 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java @@ -0,0 +1,86 @@ +package at.gv.egiz.eaaf.core.impl.idp; + +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.lang.NonNull; +import org.springframework.util.Assert; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; + +public class EidAuthenticationData extends AuthenticationData implements IEidAuthData { + private static final Logger log = LoggerFactory.getLogger(EidAuthenticationData.class); + + + private static final long serialVersionUID = -7106142572904327044L; + + private byte[] eIDToken; + private byte[] signerCertificate; + private EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus; + + @Override + public byte[] getSignerCertificate() { + return this.signerCertificate; + } + + @Override + public byte[] getEIDToken() { + return this.eIDToken; + } + + @Override + public EID_IDENTITY_STATUS_LEVEL_VALUES getEIDStatus() { + return this.eidStatus; + + } + + + /** + * Set the status of the E-ID identity + * + * @param eidStatus + */ + public void setEidStatus(EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus) { + this.eidStatus = eidStatus; + } + + /** + * Set Online IdentityLink to AuthenticationData + * + * @param eIDToken + */ + public void seteIDToken(final byte[] eIDToken) { + this.eIDToken = eIDToken; + + } + + /** + * Set the signing certificate that was used to sign the user consent + * + * @param signerCertificate + */ + public void setSignerCertificate(@NonNull final X509Certificate signerCertificate) { + Assert.notNull(signerCertificate, "Signer certificate is null"); + try { + this.signerCertificate = signerCertificate.getEncoded(); + + } catch (final CertificateEncodingException e) { + log.warn("Can NOT serialized signer-certificate", e); + log.warn("Signer certificate will be ignored"); + + } + } + + /** + * Set the signing certificate that was used to sign the user consent + * + * @param signerCertificate + */ + public void setSignerCertificate(final byte[] signerCertificate) { + this.signerCertificate = signerCertificate; + + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java index 2482d65f..47b1ecf9 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java @@ -172,7 +172,6 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati internalAuthData.setDateOfBirth(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.BIRTHDATE_NAME, String.class)); internalAuthData.setEncSourceId(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_NAME, String.class)); internalAuthData.setEncSourceIdType(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_TYPE_NAME, String.class)); - //#################################################### //set QAA level @@ -574,7 +573,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati * but there it is not neccesary. We fix this problem in 3.4.3, but the fix can be deactivated * for dependency reasons. */ - if (basicConfig.getBasicMOAIDConfigurationBoolean(CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING, false)) { + if (basicConfig.getBasicConfigurationBoolean(CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING, false)) { authData.setGivenName(identityLink.getGivenName().replaceAll("'", "'")); authData.setFamilyName(identityLink.getFamilyName().replaceAll("'", "'")); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index 6f416414..087d83a2 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java @@ -48,7 +48,7 @@ import at.gv.egiz.eaaf.core.api.IStatusMessenger; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory; -import at.gv.egiz.eaaf.core.api.gui.ISpringMVCGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.idp.IAction; import at.gv.egiz.eaaf.core.api.idp.IAuthData; @@ -83,7 +83,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer @Autowired(required=true) private ITransactionStorage transactionStorage; @Autowired(required=true) private IAuthenticationManager authmanager; @Autowired(required=true) private IAuthenticationDataBuilder authDataBuilder; - @Autowired(required=true) private ISpringMVCGUIFormBuilder guiBuilder; @Autowired(required=true) private IGUIBuilderConfigurationFactory guiConfigFactory; @Autowired(required=true) private IStatusMessenger statusMessager; @Autowired(required=true) private IRequestStorage requestStorage; @@ -93,6 +92,9 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer @Autowired private IStatisticLogger statisticLogger; @Autowired private IRevisionLogger revisionsLogger; + + private IGUIFormBuilder guiBuilder; + /* (non-Javadoc) * @see at.gv.egiz.eaaf.core.impl.idp.auth.services.IProtocolAuthenticationService#performAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egiz.eaaf.core.api.IRequest) */ @@ -257,6 +259,11 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } + + public void setGuiBuilder(IGUIFormBuilder guiBuilder) { + this.guiBuilder = guiBuilder; + } + /** * Finalize the requested protocol operation * diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java new file mode 100644 index 00000000..698393ea --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java @@ -0,0 +1,69 @@ +/******************************************************************************* + * Copyright 2019 Graz University of Technology + * EAAF-Core Components has been developed in a cooperation between EGIZ, + * A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.util.Base64Utils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EIDEIDTokenBuilder implements IPVPAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EIDEIDTokenBuilder.class); + + + @Override + public String getName() { + return EID_E_ID_TOKEN_NAME; + } + + @Override + public ATT build(final ISPConfiguration oaParam, final IAuthData authData, + final IAttributeGenerator g) throws AttributeBuilderException { + + if (authData instanceof IEidAuthData) { + if (((IEidAuthData)authData).getEIDToken() == null) + throw new UnavailableAttributeException(EID_E_ID_TOKEN_NAME); + + return g.buildStringAttribute(EID_E_ID_TOKEN_FRIENDLY_NAME, + EID_E_ID_TOKEN_NAME, Base64Utils.encodeToString(((IEidAuthData)authData).getEIDToken())); + } else + log.info(EID_E_ID_TOKEN_FRIENDLY_NAME + " is only available in AuthHandler context"); + + throw new UnavailableAttributeException(EID_E_ID_TOKEN_NAME); + } + + @Override + public ATT buildEmpty(final IAttributeGenerator g) { + return g.buildEmptyAttribute(EID_E_ID_TOKEN_FRIENDLY_NAME, + EID_E_ID_TOKEN_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java new file mode 100644 index 00000000..bab521b4 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java @@ -0,0 +1,80 @@ +/******************************************************************************* + * Copyright 2019 Graz University of Technology + * EAAF-Core Components has been developed in a cooperation between EGIZ, + * A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.util.Base64Utils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EIDSignerCertificate implements IPVPAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EIDSignerCertificate.class); + + @Override + public String getName() { + return EID_SIGNER_CERTIFICATE_NAME; + } + + @Override + public ATT build(final ISPConfiguration oaParam, final IAuthData authData, + final IAttributeGenerator g) throws AttributeBuilderException { + + if (authData instanceof IEidAuthData) { + try { + + final byte[] signerCertificate = ((IEidAuthData)authData).getSignerCertificate(); + if (signerCertificate != null) { + return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, + Base64Utils.encodeToString(signerCertificate)); + + } else + log.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in MOA-ID context"); + + } catch (final Exception e) { + log.info("Signer certificate BASE64 encoding error"); + + } + + } else + log.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in AuthHandler context"); + + + throw new UnavailableAttributeException(EID_SIGNER_CERTIFICATE_NAME); + + } + + @Override + public ATT buildEmpty(final IAttributeGenerator g) { + return g.buildEmptyAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java new file mode 100644 index 00000000..6a8de559 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java @@ -0,0 +1,47 @@ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EidIdentityStatusLevelAttributeBuiler implements IPVPAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EidIdentityStatusLevelAttributeBuiler.class); + + @Override + public String getName() { + return EID_IDENTITY_STATUS_LEVEL_NAME; + } + + @Override + public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) + throws AttributeBuilderException { + + if (authData instanceof IEidAuthData) { + if (((IEidAuthData)authData).getEIDStatus() == null) + throw new UnavailableAttributeException(getName()); + + return g.buildStringAttribute(getFriendlyName(), + getName(), ((IEidAuthData)authData).getEIDStatus().getURI()); + } else + log.info(getFriendlyName() + " is only available in EAAF context"); + + throw new UnavailableAttributeException(getName()); + } + + @Override + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(getFriendlyName(), getName()); + } + + private String getFriendlyName() { + return EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME; + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java index af009b10..55662326 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java @@ -158,19 +158,31 @@ public abstract class AbstractConfigurationImpl implements IExtendedConfiguratio return defaultValue; } + @Override - public Map getBasicMOAIDConfigurationWithPrefix(String prefix) { - return KeyValueUtils.getSubSetWithPrefix(KeyValueUtils.convertPropertiesToMap(properties), addPrefixToKey(prefix)); + public Boolean getBasicConfigurationBoolean(String key) { + final String value = getBasicConfiguration(key); + if (value != null) + return Boolean.parseBoolean(value); + else + return null; } + @Override - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { - final String value = getBasicConfiguration(key); - if (StringUtils.isNotEmpty(value)) - return Boolean.valueOf(value.trim()); - - return defaultValue; + public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) { + final Boolean result = getBasicConfigurationBoolean(key); + if (result != null) + return result; + else + return defaultValue; + + } + + @Override + public Map getBasicConfigurationWithPrefix(String prefix) { + return KeyValueUtils.getSubSetWithPrefix(KeyValueUtils.convertPropertiesToMap(properties), addPrefixToKey(prefix)); } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java index 62245331..1a344feb 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java @@ -88,7 +88,7 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat } @Override - public Map getBasicMOAIDConfigurationWithPrefix(String prefix) { + public Map getBasicConfigurationWithPrefix(String prefix) { final Map configProps = getPropertiesStartingWith((ConfigurableEnvironment) env, addPrefixToKey(prefix)); return KeyValueUtils.removePrefixFromKeys(configProps, addPrefixToKey(prefix) + "."); @@ -96,16 +96,23 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat } @Override - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { - final String value = getBasicConfiguration(key); + public Boolean getBasicConfigurationBoolean(String key) { + final String value = getBasicConfiguration(key); if (StringUtils.isNotEmpty(value)) return Boolean.valueOf(value.trim()); - - return defaultValue; - + else + return null; } - + @Override + public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) { + final Boolean value = getBasicConfigurationBoolean(key); + if (value != null) + return value; + else + return defaultValue; + } + @Override public URI getConfigurationRootDirectory() { try { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java index a5b79f6a..926b2bd5 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java @@ -75,7 +75,7 @@ public class HttpClientFactory { httpClientBuilder.setDefaultRequestConfig(requestConfig); //set pool connection if requested - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE, true)) { final PoolingHttpClientConnectionManager pool = new PoolingHttpClientConnectionManager(); @@ -97,7 +97,7 @@ public class HttpClientFactory { log.trace("Initializing SSL Context ... "); final SSLContext sslContext = SSLContext.getDefault(); HostnameVerifier hostnameVerifier = null; - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL, false)) { hostnameVerifier = new NoopHostnameVerifier(); diff --git a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 2decf67c..6e7f9a46 100644 --- a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -9,3 +9,6 @@ at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDeIDASQAALevelAttributeBuilde at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDEIDTokenBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSignerCertificate +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler \ No newline at end of file diff --git a/eaaf_core/src/main/resources/eaaf_core.beans.xml b/eaaf_core/src/main/resources/eaaf_core.beans.xml index e750a49f..27b0f381 100644 --- a/eaaf_core/src/main/resources/eaaf_core.beans.xml +++ b/eaaf_core/src/main/resources/eaaf_core.beans.xml @@ -12,9 +12,6 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> - - diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java index 880582cd..ffb921ce 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java @@ -27,25 +27,11 @@ public class DummyConfiguration implements IConfiguration { } @Override - public Map getBasicMOAIDConfigurationWithPrefix(String prefix) { + public Map getBasicConfigurationWithPrefix(String prefix) { // TODO Auto-generated method stub return null; } - - @Override - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { - if (AbstractAuthenticationDataBuilder.CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING.equals(key)) { - if (isIDLEscapingEnabled == null) - return defaultValue; - else - return isIDLEscapingEnabled; - - } - - - return false; - } - + @Override public ISPConfiguration getServiceProviderConfiguration(String uniqueID) throws EAAFConfigurationException { // TODO Auto-generated method stub @@ -74,4 +60,25 @@ public class DummyConfiguration implements IConfiguration { public void setIsIDLEscapingEnabled(Boolean isIDLEscapingEnabled) { this.isIDLEscapingEnabled = isIDLEscapingEnabled; } + + @Override + public Boolean getBasicConfigurationBoolean(String key) { + return null; + + } + + @Override + public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) { + if (AbstractAuthenticationDataBuilder.CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING.equals(key)) { + if (isIDLEscapingEnabled == null) + return defaultValue; + else + return isIDLEscapingEnabled; + + } + + + return false; + + } } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java index 2a92e5f3..e4ebe433 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java @@ -133,6 +133,30 @@ public interface PVPAttributeDefinitions { public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.108"; public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_EIDAS_QAA_LEVEL_OID; public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-EIDAS-LEVEL"; + + public static final String EID_IDENTITY_STATUS_LEVEL_OID = "1.2.40.0.10.2.1.1.261.109"; + public static final String EID_IDENTITY_STATUS_LEVEL_NAME = URN_OID_PREFIX + EID_IDENTITY_STATUS_LEVEL_OID; + public static final String EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME = "EID-IDENTITY-STATUS-LEVEL"; + public enum EID_IDENTITY_STATUS_LEVEL_VALUES { + IDENTITY("http://eid.gv.at/eID/status/identity"), + TESTIDENTITY("http://eid.gv.at/eID/status/testidentity"), + SYSTEM("http://eid.gv.at/eID/status/system"); + + private final String uri; + + private EID_IDENTITY_STATUS_LEVEL_VALUES(String uri) { + this.uri = uri; + } + + /** + * Get the URI based status identifier of an E-ID + * + * @return + */ + public String getURI() { + return this.uri; + } + }; public static final String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32"; public static final String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID; diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java index eceec2a6..7d564b58 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java @@ -57,26 +57,34 @@ public interface IConfiguration { */ public String getBasicConfiguration(final String key, final String defaultValue); + /** - * Get a set of configuration values from file based configuration that starts with this prefix - *

- * Important: The configuration values must be of type String! + * Get a configuration value from file based configuration * - * @param prefix Prefix of the configuration key - * @return Map without prefix, but never null + * @param key configuration key + * @return configuration value as {@link Boolean.parseBoolean(value)} or null if key does not exist */ - public Map getBasicMOAIDConfigurationWithPrefix(final String prefix); - + public Boolean getBasicConfigurationBoolean(final String key); /** - * Get a boolean value from basic MOA-ID configuration file + * Get a configuration value from file based configuration * - * @param key Configuration key - * @param defaultValue Default result - * @return returns the value of the configuration key, or the default value if the key is not set + * @param key configuration key + * @param defaultValue Default value if no value with this key is found + * @return configuration value as {@link Boolean.parseBoolean(value)} or defaultValue if key does not exist */ - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue); + public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue); + /** + * Get a set of configuration values from file based configuration that starts with this prefix + *

+ * Important: The configuration values must be of type String! + * + * @param prefix Prefix of the configuration key + * @return Map without prefix, but never null + */ + public Map getBasicConfigurationWithPrefix(final String prefix); + /** * Get a configuration entry for a specific Service Provider * diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java new file mode 100644 index 00000000..44ece8fe --- /dev/null +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java @@ -0,0 +1,29 @@ +package at.gv.egiz.eaaf.core.api.idp; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; + +public interface IEidAuthData extends IAuthData { + + /** + * Get the serialized signing certificate that was used to sign the consent + * + * @return + */ + byte[] getSignerCertificate(); + + + /** + * Get the serialized E-ID token that can be used to validate the Identity-Link + * + * @return + */ + byte[] getEIDToken(); + + + /** + * Get the status of the E-ID + * + * @return {@link PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES} + */ + PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES getEIDStatus(); +} diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java index b0949cd3..dfcaaf5a 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java @@ -183,7 +183,7 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl //String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS); final String spSpecificVDAEndpoints = null; - final Map endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); + final Map endPointMap = authConfig.getBasicConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); if (StringUtils.isNotEmpty(spSpecificVDAEndpoints)) { endPointMap.putAll(KeyValueUtils.convertListToMap( KeyValueUtils.getListOfCSVValues( diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java index a377a4c0..5abbd543 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java @@ -100,10 +100,10 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask //validate signature final VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad( sl20ReqObj, joseTools, - authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); + authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) { - if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { + if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { log.info("SL20 result from VDA was not valid signed"); throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."}); diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml index e5cc555a..ae942318 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml @@ -61,6 +61,11 @@ org.apache.santuario xmlsec + + org.bouncycastle + bcprov-jdk15on + + org.owasp.esapi esapi diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java index 4ec7cf99..cbbed659 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java @@ -90,31 +90,32 @@ public class AuthenticationAction implements IAction { } + @Override public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws ResponderErrorException { - PVPSProfilePendingRequest pvpRequest = (PVPSProfilePendingRequest) req; + final PVPSProfilePendingRequest pvpRequest = (PVPSProfilePendingRequest) req; try { //get basic information - PVPSProfileRequest moaRequest = (PVPSProfileRequest) pvpRequest.getRequest(); - AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest(); - EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider); + final PVPSProfileRequest moaRequest = (PVPSProfileRequest) pvpRequest.getRequest(); + final AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest(); + final EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider); - AssertionConsumerService consumerService = + final AssertionConsumerService consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); consumerService.setBinding(pvpRequest.getBinding()); consumerService.setLocation(pvpRequest.getConsumerURL()); - DateTime date = new DateTime(); - SLOInformationImpl sloInformation = new SLOInformationImpl(); - String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pvpRequest.getAuthURL()); + final DateTime date = new DateTime(); + final SLOInformationImpl sloInformation = new SLOInformationImpl(); + final String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pvpRequest.getAuthURL()); //build Assertion - Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData, + final Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData, peerEntity, date, consumerService, sloInformation); - Response authResponse = AuthResponseBuilder.buildResponse( + final Response authResponse = AuthResponseBuilder.buildResponse( metadataProvider, issuerEntityID, authnRequest, - date, assertion, authConfig.getBasicMOAIDConfigurationBoolean( + date, assertion, authConfig.getBasicConfigurationBoolean( CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION, true)); IEncoder binding = null; @@ -148,11 +149,11 @@ public class AuthenticationAction implements IAction { log.warn("Message Encoding exception", e); throw new ResponderErrorException("pvp2.01", null, e); - } catch (EAAFException e) { + } catch (final EAAFException e) { log.info("Response generation error: Msg: ", e.getMessage()); throw new ResponderErrorException(e.getErrorId(), e.getParams(), e); - } catch (Exception e) { + } catch (final Exception e) { log.warn("Response generation error", e); throw new ResponderErrorException("pvp2.01", null, e); @@ -160,11 +161,13 @@ public class AuthenticationAction implements IAction { } + @Override public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { return true; } + @Override public String getDefaultActionName() { return "PVPAuthenticationRequestAction"; diff --git a/pom.xml b/pom.xml index 590c5f57..dd957eb9 100644 --- a/pom.xml +++ b/pom.xml @@ -50,7 +50,8 @@ 2.6.6 1.4.6 1.5.6 - 2.1.2 + 2.1.3 + 1.61 2.1.0.1 2.22.0 1.7.25 @@ -309,6 +310,12 @@ xmlsec ${org.apache.santuario.xmlsec.version} + + org.bouncycastle + bcprov-jdk15on + ${org.bouncycastle.bcprov-jdk15on.version} + + org.owasp.esapi esapi -- cgit v1.2.3