authorThomas Lenz <thomas.lenz@egiz.gv.at>2018-07-24 06:39:34 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2018-07-24 06:39:34 +0200
commit9b7b67ee1b3c00a3760e09c05fa9e65d4a4e80fa (patch)
tree05b83dd2396439737d30fb04f8b082a306cd5d02
parentb3e812dbac60546daff66fa0f6c53e42030921bb (diff)
Update countrySelectionProcess to support more than one eIDAS node for different production stages. This is required because eIDAS Ref. Impl. 2.0 and 2.1 support only one countryCode per instance.
-rw-r--r--.gitignore2
-rw-r--r--connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java11
-rw-r--r--connector/src/main/resources/properties/external_statuscodes_map.properties1
-rw-r--r--connector/src/main/resources/properties/status_messages_en.properties1
-rw-r--r--connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java11
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java1
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java5
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java59
8 files changed, 76 insertions, 15 deletions
diff --git a/.gitignore b/.gitignore
index 16a0a262..c845808d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,4 +9,4 @@ target
.classpath
.directory
.checkstyle
-/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/version.txt
+notCommit
diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java
index ff3dc252..4ae97acf 100644
--- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java
+++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java
@@ -45,10 +45,13 @@ public class EvaluateCountrySelectionTask extends AbstractAuthServletTask {
while(reqParamNames.hasMoreElements()) {
String paramName = reqParamNames.nextElement();
if (StringUtils.isNotEmpty(paramName) &&
- !EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName))
- executionContext.put(paramName,
- StringEscapeUtils.escapeHtml(request.getParameter(paramName)));
-
+ !EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)) {
+ for (String el : MSeIDASNodeConstants.COUNTRY_SELECTION_PARAM_WHITELIST) {
+ if (el.equalsIgnoreCase(paramName))
+ executionContext.put(paramName,
+ StringEscapeUtils.escapeHtml(request.getParameter(paramName)));
+ }
+ }
}
log.info("Country selection finished. Starting auth. process for country ... ");
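Review bot: The allowlist match is case-insensitive, but the value is stored under the request-supplied `paramName` rather than the canonical entry `el`. A parameter sent as `SelectedCountry` therefore passes the filter and lands in the execution context under a key that later `context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)` lookups will not find, and differently-cased duplicates create several entries. Storing under the constant keeps the context keys fixed by the server: `executionContext.put(el, StringEscapeUtils.escapeHtml(request.getParameter(paramName)));`, ideally with braces around the inner `if` and a `break` after the first match. The enclosing method starts and ends outside this hunk.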
diff --git a/connector/src/main/resources/properties/external_statuscodes_map.properties b/connector/src/main/resources/properties/external_statuscodes_map.properties
index d2e2dab4..cf26832b 100644
--- a/connector/src/main/resources/properties/external_statuscodes_map.properties
+++ b/connector/src/main/resources/properties/external_statuscodes_map.properties
@@ -68,5 +68,6 @@ internal.02=9101
internal.03=9199
internal.04=9101
+config.08=9008
config.27=9008
config.30=9008 \ No newline at end of file
diff --git a/connector/src/main/resources/properties/status_messages_en.properties b/connector/src/main/resources/properties/status_messages_en.properties
index a6985d0f..e09f3691 100644
--- a/connector/src/main/resources/properties/status_messages_en.properties
+++ b/connector/src/main/resources/properties/status_messages_en.properties
@@ -66,5 +66,6 @@ internal.02=Internal error. Can not access data cache.
internal.03=Internal error. Can not initialize a cryptographic method.
internal.04=Internal error. Can not access data cache (Reason: {0}).
+config.08=Configuration value: {0} is missing.
config.27=Configuration parameter processing failed. Reason: {0}
config.30=External configuration not found. File: {0}
diff --git a/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java
index 68c39a53..74ef993c 100644
--- a/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java
+++ b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java
@@ -2,6 +2,9 @@
*******************************************************************************/
package at.gv.egiz.eidas.specific.connector;
+import java.util.Arrays;
+import java.util.List;
+
import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants;
public class MSeIDASNodeConstants {
@@ -63,11 +66,19 @@ public class MSeIDASNodeConstants {
// ************ execution context and generic data ************
public static final String REQ_PARAM_SELECTED_COUNTRY = "selectedCountry";
+ public static final String REQ_PARAM_SELECTED_ENVIRONMENT = "selectedEnvironment";
public static final String REQ_PARAM_STOP_PROCESS = "stopAuthProcess";
+ public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION = "prod";
+ public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS = "qs";
+ public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING = "test";
+ public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT = "dev";
+
public static final String DATA_REQUESTERID = "req_requesterId";
public static final String DATA_PROVIDERNAME = "req_providerName";
public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA";
public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision";
+ public static final List<String> COUNTRY_SELECTION_PARAM_WHITELIST =
+ Arrays.asList(REQ_PARAM_SELECTED_COUNTRY, REQ_PARAM_SELECTED_ENVIRONMENT);
}
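Review bot: `COUNTRY_SELECTION_PARAM_WHITELIST` is a public static list built with `Arrays.asList`, which is fixed-size but still writable through `set()`, so any code on the classpath can swap an entry of the allowlist that `EvaluateCountrySelectionTask` relies on as its input filter. Wrapping it makes the filter immutable: `Collections.unmodifiableList(Arrays.asList(REQ_PARAM_SELECTED_COUNTRY, REQ_PARAM_SELECTED_ENVIRONMENT))`, with `import java.util.Collections;` added next to the two new imports. A short comment above the constant, such as `// request parameters that may be copied from the country-selection form into the execution context`, would also document why the list exists.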
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java
index b1cd128f..beb3cce7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java
@@ -11,7 +11,6 @@ import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
public class Constants {
- public static final String EXECUTIONCONTEXT_SELECTED_COUNTRY = "selectedCountry";
public static final String DATA_REQUESTERID = "req_requesterId";
public static final String DATA_PROVIDERNAME = "req_providerName";
public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java
index fef9cbfa..c41559b8 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java
@@ -6,6 +6,7 @@ import org.apache.commons.lang3.StringUtils;
import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants;
/**
* @author tlenz
@@ -33,8 +34,8 @@ public class eIDASAuthenticationModulImpl implements AuthModule {
*/
@Override
public String selectProcess(ExecutionContext context) {
- if (StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY)) ||
- StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY)))
+ if (StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)) ||
+ StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)))
return "eIDASAuthentication_v2";
else
return null;
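Review bot: Both operands of the `||` in `selectProcess` read the same key, `MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY`, so the second check is dead code that the rename carried over. If a second key was never intended, the condition reduces to `if (StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)))`. If a different key was meant, it should be named here, keeping in mind that only allowlisted parameters reach the context after this commit.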
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java
index d65ce72f..e9a7a190 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eidas.specific.connector.MSConnectorEventCodes;
+import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants;
import at.gv.egiz.eidas.specific.connector.gui.StaticGuiBuilderConfiguration;
import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants;
import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
@@ -70,9 +71,10 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
//get service-provider configuration
ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
- // get target and validate citizen countryCode
- String citizenCountryCode = (String) executionContext.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY);
-
+ // get target, environment and validate citizen countryCode
+ String citizenCountryCode = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY);
+ String environment = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT);
+
if (StringUtils.isEmpty(citizenCountryCode)) {
// illegal state; task should not have been executed without a selected country
throw new eIDASAuthenticationException("eidas.03", new Object[] { "" });
@@ -179,6 +181,18 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
}
+ //select forward URL regarding the selected environment
+ String forwardURL = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL);
+ if (StringUtils.isNotEmpty(environment))
+ forwardURL = selectedForwardURLForEnvironment(environment);
+
+ if (StringUtils.isEmpty(forwardURL)) {
+ log.warn("NO ForwardURL defined in configuration. Can NOT forward to eIDAS node! Process stops");
+ throw new EAAFConfigurationException("config.08", new Object[] {Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL});
+
+ }
+ log.debug("ForwardURL: " + forwardURL + " selected to forward eIDAS request");
+
if (basicConfig.getBasicConfiguration(
Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD,
Constants.FORWARD_METHOD_GET
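Review bot: When `environment` is set but unsupported or has no configured URL, `selectedForwardURLForEnvironment` returns null and the code raises `config.08` naming `Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL`. That is the production key, which may well be configured, so the operator is pointed at the wrong property. The exception and the `log.warn` should report the key that was actually looked up, or an unsupported selector should be rejected with its own error before the configuration lookup. Separately, `environment` originates from a request parameter, so on a production instance that also has `.qs`, `.test` or `.dev` URLs configured, the caller decides which eIDAS node receives the request. It would be worth gating the non-production selectors behind an explicit configuration switch, or documenting that those keys must stay unset in production. The enclosing method begins and ends outside this hunk.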
@@ -186,7 +200,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
log.debug("Use http-redirect for eIDAS node forwarding ... ");
//send redirect
- UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL));
+ UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(forwardURL);
redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64);
response.sendRedirect(redirectUrl.build().encode().toString());
@@ -198,8 +212,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
Constants.TEMPLATE_POST_FORWARD_NAME,
null);
- config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT,
- basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL));
+ config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardURL);
config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME,
EidasParameterKeys.TOKEN.toString());
config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE,
@@ -223,7 +236,39 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
}
- private ImmutableAttributeMap translateToEidasAttributes(final Map<String, Boolean> requiredAttributes) {
+ /**
+ * Select a forward URL from configuration for a specific environment
+ * <br><br>
+ * <b>Info: </b> This method is needed, because eIDAS Ref. Impl only supports one countrycode on each instance.
+ * In consequence, more than one eIDAS Ref. Impl nodes are required to support producation, testing, or QS stages
+ * for one country by using one ms-specific eIDAS connector
+ *
+ * @param environment Environment selector from CountrySlection page
+ * @return
+ */
+ private String selectedForwardURLForEnvironment(String environment) {
+ log.trace("Starting endpoint selection process for environment: " + environment + " ... ");
+ if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION))
+ return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL);
+
+ else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS))
+ return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL
+ + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS);
+
+ else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING))
+ return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL
+ + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING);
+
+ else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT))
+ return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL
+ + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT);
+
+ log.info("Environment selector: " + environment + " is not supported");
+ return null;
+
+ }
+
+ private ImmutableAttributeMap translateToEidasAttributes(final Map<String, Boolean> requiredAttributes) {
ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder();
for (Map.Entry<String,Boolean> attribute : requiredAttributes.entrySet()) {
final String name = attribute.getKey();
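Review bot: `selectedForwardURLForEnvironment` concatenates the request-derived `environment` into `log.trace` and into the `log.info` on the unsupported branch. The value was only HTML-escaped upstream, which as far as I know leaves CR/LF intact, so an unmatched selector can inject forged lines into the application log. Logging a sanitised or length-limited form, or only the fact that the selector was rejected, avoids that. The Javadoc has an empty `@return`; it should say something like `@return the configured forward URL for the environment, or null if the selector is unknown or no URL is configured`, and the typos `producation` and `CountrySlection` can be fixed in the same pass. `translateToEidasAttributes` is only re-indented here and continues past the end of the hunk.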