From 3be8b5c3c139ab75db4ae9ac927800505194d987 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 May 2019 13:57:17 +0200 Subject: add new attribute builder fix some injection and dependency problems --- .../gui/AbstractGUIFormBuilderConfiguration.java | 13 +++- .../gui/AbstractVelocityGUIFormBuilderImpl.java | 4 +- .../eaaf/core/impl/idp/EidAuthenticationData.java | 86 ++++++++++++++++++++++ .../builder/AbstractAuthenticationDataBuilder.java | 3 +- .../services/ProtocolAuthenticationService.java | 11 ++- .../idp/builder/attributes/EIDEIDTokenBuilder.java | 69 +++++++++++++++++ .../builder/attributes/EIDSignerCertificate.java | 80 ++++++++++++++++++++ .../EidIdentityStatusLevelAttributeBuiler.java | 47 ++++++++++++ .../impl/idp/conf/AbstractConfigurationImpl.java | 28 +++++-- .../conf/AbstractSpringBootConfigurationImpl.java | 21 ++++-- .../eaaf/core/impl/utils/HttpClientFactory.java | 4 +- .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 3 + eaaf_core/src/main/resources/eaaf_core.beans.xml | 3 - 13 files changed, 343 insertions(+), 29 deletions(-) create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java (limited to 'eaaf_core/src/main') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java index 51b4e0b4..c9c2ec0b 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java 
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGUIFormBuilderConfiguration.java @@ -103,9 +103,9 @@ public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilder @Override public final Map getViewParameters() { //set generic parameters - setViewParameter(PARAM_GROUP_FORM, PARAM_AUTHCONTEXT, this.authURL); - setViewParameter(PARAM_GROUP_FORM, PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint); - setViewParameter(PARAM_GROUP_FORM, PARAM_VIEWNAME, this.viewName); + setViewParameter(getFromGroup(), PARAM_AUTHCONTEXT, this.authURL); + setViewParameter(getFromGroup(), PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint); + setViewParameter(getFromGroup(), PARAM_VIEWNAME, this.viewName); //get parameters from detail implementation putSpecificViewParameters(); @@ -126,6 +126,13 @@ public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilder * */ abstract protected void putSpecificViewParameters(); + + /** + * Get the Group for generic form elements + * + * @return groupName or null if no groups are used + */ + abstract protected String getFromGroup(); @SuppressWarnings("unchecked") protected void setViewParameter(String group, String key, Object value) { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java index 65e13b5a..b9c16538 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractVelocityGUIFormBuilderImpl.java 
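Review bot: The new abstract method in `AbstractGUIFormBuilderConfiguration` is named `getFromGroup()`, which looks like a typo for `getFormGroup()`, since it replaces the `PARAM_GROUP_FORM` constant in `getViewParameters()`. Because it is a new abstract method on a public base class, every existing subclass must implement it, so the name is worth fixing before it spreads. The Javadoc allows a `null` return, but the body of `setViewParameter(String group, ...)` lies outside this hunk, so it should be confirmed that a `null` group is handled there. I would extend the comment to `@return group name for the generic form parameters, or null to store them without a group`.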
@@ -77,7 +77,7 @@ public abstract class AbstractVelocityGUIFormBuilderImpl implements IVelocityGui public final void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException { if (config instanceof IVelocityGUIBuilderConfiguration) - build(httpReq, httpResp, config, loggerName); + build(httpReq, httpResp, (IVelocityGUIBuilderConfiguration)config, loggerName); else throw new IllegalStateException(this.getClass().getName() + " needs a " + IVelocityGUIBuilderConfiguration.class.getName()); @@ -88,7 +88,7 @@ public abstract class AbstractVelocityGUIFormBuilderImpl implements IVelocityGui public final void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGUIBuilderConfiguration config, String contentType, String loggerName) throws GUIBuildException { if (config instanceof IVelocityGUIBuilderConfiguration) - build(httpReq, httpResp, config, loggerName); + build(httpReq, httpResp, (IVelocityGUIBuilderConfiguration)config, contentType, loggerName); else throw new IllegalStateException(this.getClass().getName() + " needs a " + IVelocityGUIBuilderConfiguration.class.getName()); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java new file mode 100644 index 00000000..71ee0172 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java 
@@ -0,0 +1,86 @@ +package at.gv.egiz.eaaf.core.impl.idp; + +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.lang.NonNull; +import org.springframework.util.Assert; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; + +public class EidAuthenticationData extends AuthenticationData implements IEidAuthData { + private static final Logger log = LoggerFactory.getLogger(EidAuthenticationData.class); + + + private static final long serialVersionUID = -7106142572904327044L; + + private byte[] eIDToken; + private byte[] signerCertificate; + private EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus; + + @Override + public byte[] getSignerCertificate() { + return this.signerCertificate; + } + + @Override + public byte[] getEIDToken() { + return this.eIDToken; + } + + @Override + public EID_IDENTITY_STATUS_LEVEL_VALUES getEIDStatus() { + return this.eidStatus; + + } + + + /** + * Set the status of the E-ID identity + * + * @param eidStatus + */ + public void setEidStatus(EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus) { + this.eidStatus = eidStatus; + } + + /** + * Set Online IdentityLink to AuthenticationData + * + * @param eIDToken + */ + public void seteIDToken(final byte[] eIDToken) { + this.eIDToken = eIDToken; + + } + + /** + * Set the signing certificate that was used to sign the user consent + * + * @param signerCertificate + */ + public void setSignerCertificate(@NonNull final X509Certificate signerCertificate) { + Assert.notNull(signerCertificate, "Signer certificate is null"); + try { + this.signerCertificate = signerCertificate.getEncoded(); + + } catch (final CertificateEncodingException e) { + log.warn("Can NOT serialized signer-certificate", e); + log.warn("Signer certificate will be ignored"); + + } + } + + /** + * Set the signing 
certificate that was used to sign the user consent + * + * @param signerCertificate + */ + public void setSignerCertificate(final byte[] signerCertificate) { + this.signerCertificate = signerCertificate; + + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java index 2482d65f..47b1ecf9 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java @@ -172,7 +172,6 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati internalAuthData.setDateOfBirth(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.BIRTHDATE_NAME, String.class)); internalAuthData.setEncSourceId(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_NAME, String.class)); internalAuthData.setEncSourceIdType(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_TYPE_NAME, String.class)); - //#################################################### //set QAA level @@ -574,7 +573,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati * but there it is not neccesary. We fix this problem in 3.4.3, but the fix can be deactivated * for dependency reasons. */ - if (basicConfig.getBasicMOAIDConfigurationBoolean(CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING, false)) { + if (basicConfig.getBasicConfigurationBoolean(CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING, false)) { authData.setGivenName(identityLink.getGivenName().replaceAll("'", "'")); authData.setFamilyName(identityLink.getFamilyName().replaceAll("'", "'")); 
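Review bot: In the new `EidAuthenticationData`, `getSignerCertificate()` and `getEIDToken()` return the internal `byte[]` fields, and the `byte[]` setters store the caller's array, so any holder of a reference can alter the signer certificate or E-ID token after it was set. These values are Base64-encoded into released attributes by the builders added in this same commit, so copying on the way in and out would be safer, e.g. `this.eIDToken = eIDToken == null ? null : eIDToken.clone();` and `return signerCertificate == null ? null : signerCertificate.clone();`. Separately, `setSignerCertificate(X509Certificate)` only logs a `CertificateEncodingException`, which leaves any previously stored certificate in place. Adding `this.signerCertificate = null;` in the catch block, or documenting the behaviour in the Javadoc, would avoid a stale value.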
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index 6f416414..087d83a2 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java @@ -48,7 +48,7 @@ import at.gv.egiz.eaaf.core.api.IStatusMessenger; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory; -import at.gv.egiz.eaaf.core.api.gui.ISpringMVCGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.idp.IAction; import at.gv.egiz.eaaf.core.api.idp.IAuthData; @@ -83,7 +83,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer @Autowired(required=true) private ITransactionStorage transactionStorage; @Autowired(required=true) private IAuthenticationManager authmanager; @Autowired(required=true) private IAuthenticationDataBuilder authDataBuilder; - @Autowired(required=true) private ISpringMVCGUIFormBuilder guiBuilder; @Autowired(required=true) private IGUIBuilderConfigurationFactory guiConfigFactory; @Autowired(required=true) private IStatusMessenger statusMessager; @Autowired(required=true) private IRequestStorage requestStorage; 
@@ -93,6 +92,9 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer @Autowired private IStatisticLogger statisticLogger; @Autowired private IRevisionLogger revisionsLogger; + + private IGUIFormBuilder guiBuilder; + /* (non-Javadoc) * @see at.gv.egiz.eaaf.core.impl.idp.auth.services.IProtocolAuthenticationService#performAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egiz.eaaf.core.api.IRequest) */ @@ -257,6 +259,11 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } + + public void setGuiBuilder(IGUIFormBuilder guiBuilder) { + this.guiBuilder = guiBuilder; + } + /** * Finalize the requested protocol operation * diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java new file mode 100644 index 00000000..698393ea --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEIDTokenBuilder.java 
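Review bot: `guiBuilder` loses its `@Autowired(required=true)` and is now populated only through the new `setGuiBuilder(...)`, so nothing in the visible lines guarantees the field is non-null when the service uses it. The call sites that use the field are outside these hunks. The setter has no Javadoc; I would add one stating which configuration is expected to call it, and reject null early with `this.guiBuilder = Objects.requireNonNull(guiBuilder, "guiBuilder");`. That turns a missing wiring step into a failure at startup instead of a `NullPointerException` during a request.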
@@ -0,0 +1,69 @@
+/*******************************************************************************
+ * Copyright 2019 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.util.Base64Utils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EIDEIDTokenBuilder implements IPVPAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EIDEIDTokenBuilder.class); + + + @Override + public String getName() { + return EID_E_ID_TOKEN_NAME; + } + + @Override + public ATT build(final ISPConfiguration oaParam, final IAuthData authData, + final IAttributeGenerator g) throws AttributeBuilderException { + + if (authData instanceof IEidAuthData) { + if (((IEidAuthData)authData).getEIDToken() == null) + throw new UnavailableAttributeException(EID_E_ID_TOKEN_NAME); + + return g.buildStringAttribute(EID_E_ID_TOKEN_FRIENDLY_NAME, + EID_E_ID_TOKEN_NAME, Base64Utils.encodeToString(((IEidAuthData)authData).getEIDToken())); + } else + log.info(EID_E_ID_TOKEN_FRIENDLY_NAME + " is only available in AuthHandler context"); + + throw new UnavailableAttributeException(EID_E_ID_TOKEN_NAME); + } + + @Override + public ATT buildEmpty(final IAttributeGenerator g) { + return g.buildEmptyAttribute(EID_E_ID_TOKEN_FRIENDLY_NAME, + EID_E_ID_TOKEN_NAME); + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java new file mode 100644 index 00000000..bab521b4 --- /dev/null 
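Review bot: In `EIDEIDTokenBuilder.build(...)`, the brace-less `if`/`else` around `getEIDToken()` makes it easy to misread the trailing `throw new UnavailableAttributeException(EID_E_ID_TOKEN_NAME)` as part of the `else` branch. Bracing both branches and reading the token once into a local, `final byte[] token = ((IEidAuthData) authData).getEIDToken();`, would make the control flow explicit and remove the repeated cast. The class has no Javadoc; a one-line comment such as `/** Builds the E-ID token attribute as the Base64 encoding of IEidAuthData#getEIDToken(). */` would document what is released to the service provider.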
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSignerCertificate.java 
@@ -0,0 +1,80 @@
+/*******************************************************************************
+ * Copyright 2019 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.util.Base64Utils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EIDSignerCertificate implements IPVPAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EIDSignerCertificate.class); + + @Override + public String getName() { + return EID_SIGNER_CERTIFICATE_NAME; + } + + @Override + public ATT build(final ISPConfiguration oaParam, final IAuthData authData, + final IAttributeGenerator g) throws AttributeBuilderException { + + if (authData instanceof IEidAuthData) { + try { + + final byte[] signerCertificate = ((IEidAuthData)authData).getSignerCertificate(); + if (signerCertificate != null) { + return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, + Base64Utils.encodeToString(signerCertificate)); + + } else + log.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in MOA-ID context"); + + } catch (final Exception e) { + log.info("Signer certificate BASE64 encoding error"); + + } + + } else + log.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in AuthHandler context"); + + + throw new UnavailableAttributeException(EID_SIGNER_CERTIFICATE_NAME); + + } + + @Override + public ATT buildEmpty(final IAttributeGenerator g) { + return g.buildEmptyAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME); + } + +} 
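Review bot: The `catch (final Exception e)` in `EIDSignerCertificate.build(...)` logs a fixed string at info level and drops the exception, so the cause of a failed attribute build is lost. `log.warn("Signer certificate BASE64 encoding error", e);` would keep it, and the broad `Exception` catch is worth narrowing or removing if `Base64Utils.encodeToString` cannot fail on a non-null array. The message logged for a null certificate, `" is only available in MOA-ID context"`, does not describe that case; `" is not set in the authentication data"` would be accurate.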
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java
new file mode 100644
index 00000000..6a8de559
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java
@@ -0,0 +1,47 @@ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EidIdentityStatusLevelAttributeBuiler implements IPVPAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EidIdentityStatusLevelAttributeBuiler.class); + + @Override + public String getName() { + return EID_IDENTITY_STATUS_LEVEL_NAME; + } + + @Override + public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) + throws AttributeBuilderException { + + if (authData instanceof IEidAuthData) { + if (((IEidAuthData)authData).getEIDStatus() == null) + throw new UnavailableAttributeException(getName()); + + return g.buildStringAttribute(getFriendlyName(), + getName(), ((IEidAuthData)authData).getEIDStatus().getURI()); + } else + log.info(getFriendlyName() + " is only available in EAAF context"); + + throw new UnavailableAttributeException(getName()); + } + + @Override + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(getFriendlyName(), getName()); + } + + private String getFriendlyName() { + return EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME; + } +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java index af009b10..55662326 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java 
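Review bot: The class name `EidIdentityStatusLevelAttributeBuiler` is misspelled ("Builer"), and the same spelling is registered in the `META-INF/services` file later in this commit, so the typo becomes part of what deployments reference. Renaming it to `EidIdentityStatusLevelAttributeBuilder` now is cheaper than after release. In `build(...)`, `getEIDStatus()` is called twice with a cast each time; a local `final IEidAuthData eidAuthData = (IEidAuthData) authData;` would tidy that and make the null check and the `getURI()` call operate on the same value.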
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractConfigurationImpl.java @@ -158,19 +158,31 @@ public abstract class AbstractConfigurationImpl implements IExtendedConfiguratio return defaultValue; } + @Override - public Map getBasicMOAIDConfigurationWithPrefix(String prefix) { - return KeyValueUtils.getSubSetWithPrefix(KeyValueUtils.convertPropertiesToMap(properties), addPrefixToKey(prefix)); + public Boolean getBasicConfigurationBoolean(String key) { + final String value = getBasicConfiguration(key); + if (value != null) + return Boolean.parseBoolean(value); + else + return null; } + @Override - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { - final String value = getBasicConfiguration(key); - if (StringUtils.isNotEmpty(value)) - return Boolean.valueOf(value.trim()); - - return defaultValue; + public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) { + final Boolean result = getBasicConfigurationBoolean(key); + if (result != null) + return result; + else + return defaultValue; + + } + + @Override + public Map getBasicConfigurationWithPrefix(String prefix) { + return KeyValueUtils.getSubSetWithPrefix(KeyValueUtils.convertPropertiesToMap(properties), addPrefixToKey(prefix)); } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java index 62245331..1a344feb 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java 
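Review bot: The new `getBasicConfigurationBoolean(String key)` in `AbstractConfigurationImpl` calls `Boolean.parseBoolean(value)` on any non-null value, whereas the removed code, like the Spring Boot implementation in the next file, used `StringUtils.isNotEmpty(value)` and `value.trim()`. Unless `getBasicConfiguration` already trims and returns null for empty values (not visible here), an empty or whitespace-padded property now evaluates to `false` instead of falling back to the default or parsing as `true`. That silently changes the flags read in `AbstractAuthenticationDataBuilder` (attribute escaping) and `HttpClientFactory` (connection pool, hostname verifier). Keeping the old guard preserves behaviour: `if (StringUtils.isNotEmpty(value)) return Boolean.valueOf(value.trim());`. The Javadoc should also state that the one-argument variant returns `null` for an unset key, since a caller that auto-unboxes the result will throw.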
@@ -88,7 +88,7 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat } @Override - public Map getBasicMOAIDConfigurationWithPrefix(String prefix) { + public Map getBasicConfigurationWithPrefix(String prefix) { final Map configProps = getPropertiesStartingWith((ConfigurableEnvironment) env, addPrefixToKey(prefix)); return KeyValueUtils.removePrefixFromKeys(configProps, addPrefixToKey(prefix) + "."); @@ -96,16 +96,23 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat } @Override - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { - final String value = getBasicConfiguration(key); + public Boolean getBasicConfigurationBoolean(String key) { + final String value = getBasicConfiguration(key); if (StringUtils.isNotEmpty(value)) return Boolean.valueOf(value.trim()); - - return defaultValue; - + else + return null; } - + @Override + public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) { + final Boolean value = getBasicConfigurationBoolean(key); + if (value != null) + return value; + else + return defaultValue; + } + @Override public URI getConfigurationRootDirectory() { try { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java index a5b79f6a..926b2bd5 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java @@ -75,7 +75,7 @@ public class HttpClientFactory { httpClientBuilder.setDefaultRequestConfig(requestConfig); //set pool connection if requested - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE, true)) { final PoolingHttpClientConnectionManager pool = new PoolingHttpClientConnectionManager(); 
@@ -97,7 +97,7 @@ public class HttpClientFactory { log.trace("Initializing SSL Context ... "); final SSLContext sslContext = SSLContext.getDefault(); HostnameVerifier hostnameVerifier = null; - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL, false)) { hostnameVerifier = new NoopHostnameVerifier(); diff --git a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 2decf67c..6e7f9a46 100644 --- a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -9,3 +9,6 @@ at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDeIDASQAALevelAttributeBuilde at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDEIDTokenBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSignerCertificate +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler \ No newline at end of file diff --git a/eaaf_core/src/main/resources/eaaf_core.beans.xml b/eaaf_core/src/main/resources/eaaf_core.beans.xml index e750a49f..27b0f381 100644 --- a/eaaf_core/src/main/resources/eaaf_core.beans.xml +++ b/eaaf_core/src/main/resources/eaaf_core.beans.xml @@ -12,9 +12,6 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> - - -- cgit v1.2.3 From 4ce9dae4c77ed6f2f37a2e65bc8198f7cf3f5c5b Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Wed, 5 Jun 2019 13:11:54 +0200 Subject: add useMandate flag --- .../egiz/eaaf/core/impl/idp/EidAuthenticationData.java | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'eaaf_core/src/main') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java index 71ee0172..8a59a0be 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java @@ -20,6 +20,7 @@ public class EidAuthenticationData extends AuthenticationData implements IEidAut private byte[] eIDToken; private byte[] signerCertificate; private EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus; + private boolean useMandate = false; @Override public byte[] getSignerCertificate() { @@ -37,6 +38,11 @@ public class EidAuthenticationData extends AuthenticationData implements IEidAut } + @Override + public boolean isUseMandate() { + return useMandate; + } + /** * Set the status of the E-ID identity @@ -83,4 +89,14 @@ public class EidAuthenticationData extends AuthenticationData implements IEidAut this.signerCertificate = signerCertificate; } + + /** + * Set flag that mandates are used in this process + * + * @param useMandate true if mandates was used, otherwise false + */ + public void setUseMandate(boolean useMandate) { + this.useMandate = useMandate; + } + } -- cgit v1.2.3 From 4e61a42420b6e9e91e5bb7bfa2cff9a79e1f964f Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Thu, 6 Jun 2019 13:30:53 +0200 Subject: update authenticationData and attribute builder --- .../eaaf/core/impl/idp/EidAuthenticationData.java | 19 ++++++++++ .../impl/idp/builder/attributes/EIDCcsURL.java | 44 ++++++++++++++++++++++ .../impl/idp/controller/AbstractController.java | 2 +- .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 3 +- 4 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java (limited to 'eaaf_core/src/main') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java index 8a59a0be..86728c05 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/EidAuthenticationData.java @@ -20,6 +20,7 @@ public class EidAuthenticationData extends AuthenticationData implements IEidAut private byte[] eIDToken; private byte[] signerCertificate; private EID_IDENTITY_STATUS_LEVEL_VALUES eidStatus; + private String vdaEndpointUrl; private boolean useMandate = false; @Override @@ -43,6 +44,11 @@ public class EidAuthenticationData extends AuthenticationData implements IEidAut return useMandate; } + @Override + public String getVdaEndPointUrl() { + return vdaEndpointUrl; + + } /** * Set the status of the E-ID identity @@ -98,5 +104,18 @@ public class EidAuthenticationData extends AuthenticationData implements IEidAut public void setUseMandate(boolean useMandate) { this.useMandate = useMandate; } + + + /** + * Set URL of the EndPoint that was used on VDA for authentication + * + * @param vdaEndpointUrl + */ + public void setVdaEndpointUrl(String vdaEndpointUrl) { + this.vdaEndpointUrl = vdaEndpointUrl; + } + + + } 
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java new file mode 100644 index 00000000..ec0f5d0c --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDCcsURL.java @@ -0,0 +1,44 @@ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; + +@PVPMETADATA +public class EIDCcsURL implements IPVPAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EID_CCS_URL_NAME); + + @Override + public String getName() { + return EID_CCS_URL_NAME; + } + + @Override + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + if (authData instanceof IEidAuthData) { + final String bkuurl = ((IEidAuthData)authData).getVdaEndPointUrl(); + if (StringUtils.isNotEmpty(bkuurl)) + return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl); + + + } else + log.info(EID_CCS_URL_FRIENDLY_NAME + " is only available in MOA-ID context"); + + throw new UnavailableAttributeException(EID_CCS_URL_NAME); + } + + @Override + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME); + } + +} 
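Review bot: The logger in `EIDCcsURL` is created with `LoggerFactory.getLogger(EID_CCS_URL_NAME)`, so it is named after the attribute constant rather than the class, unlike the other builders in this series. `LoggerFactory.getLogger(EIDCcsURL.class)` keeps package-based log configuration working. When `getVdaEndPointUrl()` is empty, `build(...)` falls through to the exception without any log line, and the `else` message still refers to "MOA-ID context". The URL is released exactly as stored, and `setVdaEndpointUrl` in `EidAuthenticationData` does no validation. If the value can originate outside the IdP, it should be checked where it is set; those call sites are not visible here.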
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java index 1da8036c..5ad44801 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java @@ -72,7 +72,7 @@ public abstract class AbstractController { @Autowired protected IRevisionLogger revisionsLogger; @ExceptionHandler({EAAFException.class}) - public void MOAIDExceptionHandler(final HttpServletRequest req, final HttpServletResponse resp, final Exception e) throws IOException { + public void EAAFExceptionHandler(final HttpServletRequest req, final HttpServletResponse resp, final Exception e) throws IOException { try { protAuthService.handleErrorNoRedirect(e, req, resp, true); diff --git a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 6e7f9a46..7b977193 100644 --- a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -11,4 +11,5 @@ at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDEIDTokenBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSignerCertificate -at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler \ No newline at end of file +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDCcsURL \ No newline at end of file -- cgit v1.2.3 
From 823d4ce2504444caac110d3506f82b4dfce4e05b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 6 Jun 2019 13:31:28 +0200 Subject: change error messages in case of InvalidProtocolExceptions --- .../services/ProtocolAuthenticationService.java | 24 +++++++++++----------- 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'eaaf_core/src/main') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index 087d83a2..0aa7ff89 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java @@ -373,16 +373,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } } - private void writeBadRequestErrorResponse(final HttpServletRequest req, final HttpServletResponse resp, final EAAFException e) throws IOException { - final String code = statusMessager.mapInternalErrorToExternalError(((InvalidProtocolRequestException)e).getErrorId()); - final String descr = StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(e.getMessage())); - resp.setContentType(EAAFConstants.CONTENTTYPE_HTML_UTF8); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" + - "(Errorcode=" + code + - " | Description=" + descr + ")"); - - } - private void writeHTMLErrorResponse(@NonNull final HttpServletRequest httpReq, @NonNull final HttpServletResponse httpResp, @NonNull final String msg, @NonNull final String errorCode, @Nullable final Object[] params, @NonNull final Exception error) throws IOException, EAAFException { 
@@ -464,11 +454,21 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer statisticLogger.logErrorOperation(ex, ex.getErrorRequest()); //write error message - writeBadRequestErrorResponse(req, resp, (EAAFException) e); + //writeBadRequestErrorResponse(req, resp, (EAAFException) e); + writeHTMLErrorResponse(req, resp, + e.getMessage(), + statusMessager.getResponseErrorCode(e), + null, + e); } else if (e instanceof InvalidProtocolRequestException) { //send error response - writeBadRequestErrorResponse(req, resp, (EAAFException) e); + //writeBadRequestErrorResponse(req, resp, (EAAFException) e); + writeHTMLErrorResponse(req, resp, + e.getMessage(), + statusMessager.getResponseErrorCode(e), + null, + e); } else if (e instanceof ConfigurationException) { //send HTML formated error message -- cgit v1.2.3
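Review bot: Both `InvalidProtocolRequestException` branches now pass `e.getMessage()` straight to `writeHTMLErrorResponse(...)`, while the removed `writeBadRequestErrorResponse` ran the message through `StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(...))` and answered with `SC_BAD_REQUEST`. Whether the HTML error template escapes its message parameter, and which status code it sets, is outside this hunk. If it does not escape, text taken from a rejected protocol request could be rendered unescaped, so I would keep the escaping at this call with `StringEscapeUtils.escapeHtml4(e.getMessage())` or confirm it in the template. The two commented-out `//writeBadRequestErrorResponse(...)` lines should be deleted rather than kept. The enclosing method starts and ends outside the hunk.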