From 3be8b5c3c139ab75db4ae9ac927800505194d987 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 May 2019 13:57:17 +0200 Subject: add new attribute builder fix some injection and dependency problems --- .../eaaf/core/impl/idp/EidAuthenticationData.java | 86 ++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java new file mode 100644 index 00000000..71ee0172 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java 
@@ -0,0 +1,86 @@ +package at.gv.egiz.eaaf.core.impl.idp; + +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.lang.NonNull; +import org.springframework.util.Assert; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; + +public class EidAuthenticationData extends AuthenticationData implements IEidAuthData { + private static final Logger log = LoggerFactory.getLogger(EidAuthenticationData.class); + + + private static final long serialVersionUID = -7106142572904327044L; + + private byte[] eIDToken; + private byte[] signerCertificate; + private EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus; + + @Override + public byte[] getSignerCertificate() { + return this.signerCertificate; + } + + @Override + public byte[] getEIDToken() { + return this.eIDToken; + } + + @Override + public EID_IDENTITY_STATUS_LEVEL_VALUES getEIDStatus() { + return this.eidStatus; + + } + + + /** + * Set the status of the E-ID identity + * + * @param eidStatus + */ + public void setEidStatus(EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus) { + this.eidStatus = eidStatus; + } + + /** + * Set Online IdentityLink to AuthenticationData + * + * @param eIDToken + */ + public void seteIDToken(final byte[] eIDToken) { + this.eIDToken = eIDToken; + + } + + /** + * Set the signing certificate that was used to sign the user consent + * + * @param signerCertificate + */ + public void setSignerCertificate(@NonNull final X509Certificate signerCertificate) { + Assert.notNull(signerCertificate, "Signer certificate is null"); + try { + this.signerCertificate = signerCertificate.getEncoded(); + + } catch (final CertificateEncodingException e) { + log.warn("Can NOT serialized signer-certificate", e); + log.warn("Signer certificate will be ignored"); + + } + } + + /** + * Set the signing 
certificate that was used to sign the user consent + * + * @param signerCertificate + */ + public void setSignerCertificate(final byte[] signerCertificate) { + this.signerCertificate = signerCertificate; + + } +} -- cgit v1.2.3 From 4ce9dae4c77ed6f2f37a2e65bc8198f7cf3f5c5b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 5 Jun 2019 13:11:54 +0200 Subject: add useMandate flag --- .../egiz/eaaf/core/impl/idp/EidAuthenticationData.java | 16 ++++++++++++++++ .../java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java | 8 ++++++++ 2 files changed, 24 insertions(+) (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java index 71ee0172..8a59a0be 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java @@ -20,6 +20,7 @@ public class EidAuthenticationData extends AuthenticationData implements IEidAut private byte[] eIDToken; private byte[] signerCertificate; private EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus; + private boolean useMandate = false; @Override public byte[] getSignerCertificate() { @@ -37,6 +38,11 @@ public class EidAuthenticationData extends AuthenticationData implements IEidAut } + @Override + public boolean isUseMandate() { + return useMandate; + } + /** * Set the status of the E-ID identity @@ -83,4 +89,14 @@ public class EidAuthenticationData extends AuthenticationData implements IEidAut this.signerCertificate = signerCertificate; } + + /** + * Set flag that mandates are used in this process + * + * @param useMandate true if mandates was used, otherwise false + */ + public void setUseMandate(boolean useMandate) { + this.useMandate = useMandate; + } + } 
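Review bot: In `setSignerCertificate(X509Certificate)` the `CertificateEncodingException` is only logged, so the field keeps whatever an earlier call stored and the caller cannot tell that the certificate was dropped. For data that later feeds identity attributes, the method should either propagate the failure or at least reset the field with `this.signerCertificate = null;` in the catch block. Separately, the `byte[]` accessors (`getSignerCertificate`, `getEIDToken`, `seteIDToken`, `setSignerCertificate(byte[])`) return and store the array without copying, so any holder of the reference can alter the token or certificate bytes after they were set; `return signerCertificate == null ? null : signerCertificate.clone();` and the same copy on the way in would prevent that. The log text `Can NOT serialized` should read `Can NOT serialize`.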
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java index 44ece8fe..a9d6a51e 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java @@ -26,4 +26,12 @@ public interface IEidAuthData extends IAuthData { * @return {@link PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES} */ PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES getEIDStatus(); + + + /** + * Flag that mandates are used + * + * @return true if mandates are used, otherwise false + */ + boolean isUseMandate(); } -- cgit v1.2.3 From 4e61a42420b6e9e91e5bb7bfa2cff9a79e1f964f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 6 Jun 2019 13:30:53 +0200 Subject: update authenticationData and attribute builder --- .../eaaf/core/impl/idp/EidAuthenticationData.java | 19 ++++++++++ .../impl/idp/builder/attributes/EIDCcsURL.java | 44 ++++++++++++++++++++++ .../impl/idp/controller/AbstractController.java | 2 +- .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 3 +- .../at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java | 8 ++++ 5 files changed, 74 insertions(+), 2 deletions(-) create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java index 8a59a0be..86728c05 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java 
@@ -20,6 +20,7 @@ public class EidAuthenticationData extends AuthenticationData implements IEidAut private byte[] eIDToken; private byte[] signerCertificate; private EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus; + private String vdaEndpointUrl; private boolean useMandate = false; @Override @@ -43,6 +44,11 @@ public class EidAuthenticationData extends AuthenticationData implements IEidAut return useMandate; } + @Override + public String getVdaEndPointUrl() { + return vdaEndpointUrl; + + } /** * Set the status of the E-ID identity @@ -98,5 +104,18 @@ public class EidAuthenticationData extends AuthenticationData implements IEidAut public void setUseMandate(boolean useMandate) { this.useMandate = useMandate; } + + + /** + * Set URL of the EndPoint that was used on VDA for authentication + * + * @param vdaEndpointUrl + */ + public void setVdaEndpointUrl(String vdaEndpointUrl) { + this.vdaEndpointUrl = vdaEndpointUrl; + } + + + } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java new file mode 100644 index 00000000..ec0f5d0c --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java 
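Review bot: The getter added in the second hunk is `getVdaEndPointUrl()` while the setter in the third hunk is `setVdaEndpointUrl(String)`, so bean introspection sees two different properties (`vdaEndPointUrl` read-only, `vdaEndpointUrl` write-only). The getter name is fixed by `IEidAuthData` in this same commit, so renaming the setter to `setVdaEndPointUrl` is the smaller change. The setter also stores the URL exactly as given, and `EIDCcsURL` later places it in an attribute. If the value can come from a request or a remote response, which this diff does not show, it should be checked as a well-formed URL before it is stored.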
@@ -0,0 +1,44 @@ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EIDCcsURL implements IPVPAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EID_CCS_URL_NAME); + + @Override + public String getName() { + return EID_CCS_URL_NAME; + } + + @Override + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + if (authData instanceof IEidAuthData) { + final String bkuurl = ((IEidAuthData)authData).getVdaEndPointUrl(); + if (StringUtils.isNotEmpty(bkuurl)) + return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl); + + + } else + log.info(EID_CCS_URL_FRIENDLY_NAME + " is only available in MOA-ID context"); + + throw new UnavailableAttributeException(EID_CCS_URL_NAME); + } + + @Override + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java index 1da8036c..5ad44801 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java 
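Review bot: The logger is created with `LoggerFactory.getLogger(EID_CCS_URL_NAME)`, which names it after the attribute-name string rather than the class, so package-level logger configuration will not apply to it. `LoggerFactory.getLogger(EIDCcsURL.class)` would match what `EidAuthenticationData` does. The info message still says `is only available in MOA-ID context`, although the `else` branch is reached whenever `authData` is not an `IEidAuthData`; wording such as `" is only available for E-ID authentication data"` would be accurate. The unbraced `if`/`else` around the `return` and the `log.info` makes the fall-through to `throw new UnavailableAttributeException(EID_CCS_URL_NAME)` easy to misread, so braces on both branches would help.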
@@ -72,7 +72,7 @@ public abstract class AbstractController { @Autowired protected IRevisionLogger revisionsLogger; @ExceptionHandler({EAAFException.class}) - public void MOAIDExceptionHandler(final HttpServletRequest req, final HttpServletResponse resp, final Exception e) throws IOException { + public void EAAFExceptionHandler(final HttpServletRequest req, final HttpServletResponse resp, final Exception e) throws IOException { try { protAuthService.handleErrorNoRedirect(e, req, resp, true); diff --git a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 6e7f9a46..7b977193 100644 --- a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -11,4 +11,5 @@ at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDEIDTokenBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSignerCertificate -at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler \ No newline at end of file +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDCcsURL \ No newline at end of file diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java index a9d6a51e..74c84468 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IEidAuthData.java 
@@ -28,6 +28,14 @@ public interface IEidAuthData extends IAuthData { PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES getEIDStatus(); + /** + * Get the URL of the VDA EndPoint, that was used for authentication + * + * @return + */ + String getVdaEndPointUrl(); + + /** * Flag that mandates are used * -- cgit v1.2.3
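Review bot: The Javadoc on `getVdaEndPointUrl()` has an empty `@return` and does not say whether the method may return `null`. The implementation in this commit returns the plain field, which has no initial value, and `EIDCcsURL` guards the result with `StringUtils.isNotEmpty`, so `null` appears to be a valid result. I would write `@return URL of the VDA endpoint used for authentication, or {@code null} if none was set`.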