/* * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in * compliance with the Licence. You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * * Unless required by applicable law or agreed to in writing, software distributed under the Licence * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express * or implied. See the Licence for the specific language governing permissions and limitations under * the Licence. * * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egiz.eaaf.modules.pvp2; import java.util.ArrayList; import java.util.Collections; import java.util.List; import javax.xml.namespace.QName; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.impl.data.Triple; import org.apache.xml.security.algorithms.MessageDigestAlgorithm; import org.apache.xml.security.signature.XMLSignature; import org.opensaml.xmlsec.encryption.support.EncryptionConstants; import org.opensaml.xmlsec.signature.support.SignatureConstants; import com.google.common.collect.ImmutableMap; public interface PvpConstants extends PvpAttributeDefinitions { // module configuration parameters String CONFIG_PROP_SEC_SIGNING_RSA_ALG = "pvp2.security.alg.signing.rsa"; String CONFIG_PROP_SEC_SIGNING_EC_ALG = "pvp2.security.alg.signing.ec"; String CONFIG_PROP_SEC_ENCRYPTION_DATA = "pvp2.security.alg.enc.data"; String CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG = "pvp2.security.alg.enc.key.rsa"; String CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG = "pvp2.security.alg.enc.key.ec"; String CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION = "pvp2.assertion.encryption.active"; // Default values String DEFAULT_SIGNING_METHODE_RSA = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256; String DEFAULT_SIGNING_METHODE_EC = SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256; String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256; String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM; String DEFAULT_ASYM_ENCRYPTION_METHODE_RSA = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP; String DEFAULT_ASYM_ENCRYPTION_METHODE_EC = EncryptionConstants.ALGO_ID_KEYAGREEMENT_DH; // PVP entity categories String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category"; String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken"; String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken"; @Deprecated String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/"; String REDIRECT = "Redirect"; String POST = "Post"; String SOAP = "Soap"; String METADATA = "Metadata"; String ATTRIBUTEQUERY = "AttributeQuery"; String SINGLELOGOUT = "SingleLogOut"; /** * Get required PVP attributes for egovtoken First : PVP attribute name (OID) * Second: FriendlyName Third: Required. * */ List> EGOVTOKEN_PVP_ATTRIBUTES = Collections.unmodifiableList(new ArrayList>() { private static final long serialVersionUID = 1L; { // currently supported attributes add(Triple.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); add(Triple.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true)); // currently not supported attributes add(Triple.newInstance(USERID_NAME, USERID_FRIENDLY_NAME, false)); add(Triple.newInstance(GID_NAME, GID_FRIENDLY_NAME, false)); add(Triple.newInstance(PARTICIPANT_ID_NAME, PARTICIPANT_ID_FRIENDLY_NAME, false)); add(Triple.newInstance(OU_GV_OU_ID_NAME, OU_GV_OU_ID_FRIENDLY_NAME, false)); add(Triple.newInstance(OU_NAME, OU_FRIENDLY_NAME, false)); add(Triple.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false)); } }); /** * Get required PVP attributes for citizenToken First : PVP attribute name (OID) * Second: FriendlyName Third: Required. * */ List> CITIZENTOKEN_PVP_ATTRIBUTES = Collections.unmodifiableList(new ArrayList>() { private static final long serialVersionUID = -5947165770657082581L; { // required attributes - eIDAS minimal-data set add(Triple.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); add(Triple.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true)); add(Triple.newInstance(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true)); add(Triple.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true)); add(Triple.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true)); // not required attributes add(Triple.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false)); add(Triple.newInstance(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false)); add(Triple.newInstance(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); add(Triple.newInstance(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false)); add(Triple.newInstance(MANDATE_TYPE_OID_NAME, MANDATE_TYPE_OID_FRIENDLY_NAME, false)); add(Triple.newInstance(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false)); add(Triple.newInstance(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); add(Triple.newInstance(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false)); add(Triple.newInstance(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false)); add(Triple.newInstance(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false)); add(Triple.newInstance(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false)); add(Triple.newInstance(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false)); add(Triple.newInstance(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false)); add(Triple.newInstance(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false)); add(Triple.newInstance(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false)); } }); // constants for requested SAML2 attribtes by using own namespace String EIDAT10_SAML_NS = "http://eid.gv.at/eID/attributes/saml-extensions"; String EIDAT10_PREFIX = "eid"; QName EIDAS_REQUESTED_ATTRIBUTE_VALUE_TYPE = new QName(EIDAT10_SAML_NS, "AttributeValue", EIDAT10_PREFIX); ImmutableMap SIGNATURE_TO_DIGEST_ALGORITHM_MAP = ImmutableMap.builder() .put(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256, SignatureConstants.ALGO_ID_DIGEST_SHA256) .put(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA384, SignatureConstants.ALGO_ID_DIGEST_SHA384) .put(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512, SignatureConstants.ALGO_ID_DIGEST_SHA512) .put(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256, SignatureConstants.ALGO_ID_DIGEST_SHA256) .put(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA384, SignatureConstants.ALGO_ID_DIGEST_SHA384) .put(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA512, SignatureConstants.ALGO_ID_DIGEST_SHA512) .put(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256_MGF1, SignatureConstants.ALGO_ID_DIGEST_SHA256) .put(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384_MGF1, SignatureConstants.ALGO_ID_DIGEST_SHA384) .put(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512_MGF1, SignatureConstants.ALGO_ID_DIGEST_SHA512) .put(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_256_MGF1, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA3_256) .put(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_384_MGF1, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA3_384) .put(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_512_MGF1, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA3_512) .build(); }