authorThomas Lenz <thomas.lenz@egiz.gv.at>2018-06-26 11:06:20 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2018-06-26 11:06:20 +0200
commitae550884f5467f6ff6df23100686bc54e100d2d4 (patch)
treecb06420ee6a0399991fd97b2dec912872990a5a2 /connector/src/main/java/at/gv/egiz/eidas/specific/connector/config
initial commit
Diffstat (limited to 'connector/src/main/java/at/gv/egiz/eidas/specific/connector/config')
-rw-r--r--connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/BasicConfigurationProvider.java114
-rw-r--r--connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/PVPEndPointConfiguration.java68
-rw-r--r--connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/PVPMetadataConfiguration.java240
-rw-r--r--connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/ServiceProviderConfiguration.java105
4 files changed, 527 insertions, 0 deletions
diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/BasicConfigurationProvider.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/BasicConfigurationProvider.java
new file mode 100644
index 00000000..b898dfef
--- /dev/null
+++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/BasicConfigurationProvider.java
@@ -0,0 +1,114 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eidas.specific.connector.config;
+
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants;
+
+@Service("BasicMSSpecificNodeConfig")
+public class BasicConfigurationProvider extends AbstractConfigurationImpl{
+ private static final Logger log = LoggerFactory.getLogger(BasicConfigurationProvider.class);
+
+ private Map<String, ISPConfiguration> spConfigCache = new HashMap<String, ISPConfiguration>();
+
+ public BasicConfigurationProvider(String configPath) throws EAAFConfigurationException {
+ super(configPath);
+
+ }
+
+ @Override
+ public ISPConfiguration getServiceProviderConfiguration(String entityId) throws EAAFConfigurationException {
+ if (!spConfigCache.containsKey(entityId)) {
+ log.debug("SP: " + entityId + " is NOT cached. Starting load operation ... ");
+ Map<String, String> allSPs = getBasicMOAIDConfigurationWithPrefix(MSeIDASNodeConstants.PROP_CONFIG_SP_LIST_PREFIX);
+ for (String key : allSPs.keySet()) {
+ if (key.endsWith(MSeIDASNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER) &&
+ allSPs.get(key).equals(entityId)) {
+ String listId = KeyValueUtils.getParentKey(key);
+ log.trace("Find SP configuration with list-Id: " + listId + ". Extracting configuration elements ... ");
+ Map<String, String> spConfig = KeyValueUtils.getSubSetWithPrefix(allSPs, listId + KeyValueUtils.KEY_DELIMITER);
+ spConfigCache.put(entityId,
+ new ServiceProviderConfiguration(spConfig, this));
+ break;
+ }
+ }
+
+ if (spConfigCache.containsKey(entityId))
+ log.info("SP: " + entityId + " is loaded. Continuing auth. process ... ");
+ else {
+ log.warn("SP: " + entityId + " is NOT found in configuration. Stopping auth. process ... ");
+ return null;
+
+ }
+
+ } else
+ log.trace("SP: " + entityId + " is already cached. Use configuration from there ... ");
+
+
+ return spConfigCache.get(entityId);
+ }
+
+ @Override
+ public <T> T getServiceProviderConfiguration(String entityId, Class<T> decorator) throws EAAFConfigurationException {
+ ISPConfiguration spConfig = getServiceProviderConfiguration(entityId);
+ if (spConfig != null && decorator != null) {
+ if (decorator.isInstance(spConfig))
+ return (T)spConfig;
+ else
+ log.error("SPConfig: " + spConfig.getClass().getName() + " is NOT instance of: " + decorator.getName());
+
+ }
+
+ return null;
+
+ }
+
+ @Override
+ public String validateIDPURL(URL url) throws EAAFException {
+ log.trace("Validate requested URL: " + url);
+ String urlPrefixFromConfig = getBasicConfiguration(MSeIDASNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX);
+ if (StringUtils.isEmpty(urlPrefixFromConfig)) {
+ log.warn("Application config containts NO URL prefix");
+ throw new EAAFConfigurationException("Application config containts NO URL prefix");
+
+ }
+
+ //remove last slash
+ if (urlPrefixFromConfig.endsWith("/"))
+ urlPrefixFromConfig = urlPrefixFromConfig.substring(0, urlPrefixFromConfig.length()-1);
+
+ if (url != null && url.toExternalForm().startsWith(urlPrefixFromConfig))
+ return urlPrefixFromConfig;
+
+
+ log.info("URL: " + url + " does NOT match to allowed application prefix: " + urlPrefixFromConfig);
+ return null;
+ }
+
+ @Override
+ public String getApplicationSpecificKeyPrefix() {
+ return MSeIDASNodeConstants.PROP_CONFIG_APPLICATION_PREFIX;
+
+ }
+
+ @Override
+ protected String getBackupConfigPath() {
+ return null;
+
+ }
+
+
+}
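Review bot: The prefix check in validateIDPURL at lines 116-120 accepts any URL whose external form merely begins with the configured prefix string: once the trailing slash has been stripped, a prefix of the form `https://host` also matches `https://host.other-domain/...` or `https://host:8443/...`, so the method can report a URL outside the application as a valid application URL. Require a path boundary instead, e.g. `String requested = url == null ? null : url.toExternalForm();` followed by `if (requested != null && (requested.equals(urlPrefixFromConfig) || requested.startsWith(urlPrefixFromConfig + "/")))` before returning the prefix. Separately, `spConfigCache` is a plain HashMap that getServiceProviderConfiguration mutates on a `@Service` singleton, which is presumably reached from concurrent requests; a `ConcurrentHashMap` (ideally with `computeIfAbsent`) would avoid the racy `containsKey`/`put` pair. The loop over `allSPs.keySet()` with a `get(key)` per key at lines 63-65 reads more naturally as `for (Map.Entry<String, String> entry : allSPs.entrySet())`, and `(T)spConfig` at line 95 can be written as `decorator.cast(spConfig)` to drop the unchecked cast.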
diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/PVPEndPointConfiguration.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/PVPEndPointConfiguration.java
new file mode 100644
index 00000000..21e46e10
--- /dev/null
+++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/PVPEndPointConfiguration.java
@@ -0,0 +1,68 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eidas.specific.connector.config;
+
+import java.util.List;
+
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants;
+
+@Service("PVPEndPointConfiguration")
+public class PVPEndPointConfiguration implements IPVP2BasicConfiguration {
+ private static final Logger log = LoggerFactory.getLogger(PVPEndPointConfiguration.class);
+
+ @Autowired(required=true) IConfiguration basicConfiguration;
+
+ @Override
+ public String getIDPEntityId(String authURL) throws EAAFException {
+ return removePostFix(authURL) + MSeIDASNodeConstants.ENDPOINT_PVP_METADATA;
+
+ }
+
+ @Override
+ public String getIDPSSOPostService(String authURL) throws EAAFException {
+ return removePostFix(authURL) + MSeIDASNodeConstants.ENDPOINT_PVP_POST;
+
+ }
+
+ @Override
+ public String getIDPSSORedirectService(String authURL) throws EAAFException {
+ return removePostFix(authURL) + MSeIDASNodeConstants.ENDPOINT_PVP_REDIRECT;
+
+ }
+
+ @Override
+ public Object getIDPSSOSOAPService(String extractAuthURLFromRequest) throws EAAFException {
+ log.warn("PVP S-Profile End-Point does NOT support SOAP Binding");
+ return null;
+
+ }
+
+ @Override
+ public List<ContactPerson> getIDPContacts() throws EAAFException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Organization getIDPOrganisation() throws EAAFException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ private String removePostFix(String url) {
+ if (url != null && url.endsWith("/"))
+ return url.substring(0, url.length() - 1);
+ else
+ return url;
+ }
+}
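Review bot: getIDPContacts and getIDPOrganisation (lines 196-206) are left as auto-generated stubs returning null behind a `// TODO Auto-generated method stub` marker, while PVPMetadataConfiguration in this same commit passes those values straight through to the metadata builder, so callers need to know that null is the contract here. Replace the markers with a comment that states the intent, e.g. `// No contact/organisation data is published in the IDP metadata yet; callers must handle null.`, or return `Collections.emptyList()` for the contact list if the builder accepts an empty list (to be confirmed against the builder). The `basicConfiguration` field injected at line 169 is not referenced anywhere in this file; either drop it or document why it is wired. Note also that removePostFix strips only a single trailing slash, so an authURL ending in `//` yields an entity ID that still ends in `/`.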
diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/PVPMetadataConfiguration.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/PVPMetadataConfiguration.java
new file mode 100644
index 00000000..7d17baa1
--- /dev/null
+++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/PVPMetadataConfiguration.java
@@ -0,0 +1,240 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eidas.specific.connector.config;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.security.credential.Credential;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants;
+
+public class PVPMetadataConfiguration implements IPVPMetadataBuilderConfiguration{
+ private static final Logger log = LoggerFactory.getLogger(PVPMetadataConfiguration.class);
+
+ private IConfiguration basicConfig;
+ private String authUrl;
+ private AbstractCredentialProvider pvpIDPCredentials;
+ private IPVP2BasicConfiguration pvpBasicConfig;
+
+ public PVPMetadataConfiguration(IConfiguration basicConfig, String authURL, IPVP2BasicConfiguration pvpBasicConfig, AbstractCredentialProvider pvpIDPCredentials) {
+ this.authUrl = authURL;
+ this.pvpIDPCredentials = pvpIDPCredentials;
+ this.basicConfig = basicConfig;
+ this.pvpBasicConfig = pvpBasicConfig;
+
+ }
+
+ @Override
+ public String getSPNameForLogging() {
+ return "PVP2 S-Profile IDP";
+ }
+
+ @Override
+ public int getMetadataValidUntil() {
+ return Integer.valueOf(basicConfig.getBasicConfiguration(
+ MSeIDASNodeConstants.PROP_CONFIG_PVP2_METADATA_VALIDITY,
+ String.valueOf(MSeIDASNodeConstants.DEFAULT_PVP_METADATA_VALIDITY)));
+
+ }
+
+ @Override
+ public boolean buildEntitiesDescriptorAsRootElement() {
+ return false;
+
+ }
+
+ @Override
+ public boolean buildIDPSSODescriptor() {
+ return true;
+
+ }
+
+ @Override
+ public boolean buildSPSSODescriptor() {
+ return false;
+
+ }
+
+ @Override
+ public String getEntityID() {
+ try {
+ return pvpBasicConfig.getIDPEntityId(authUrl);
+
+ } catch (EAAFException e) {
+ log.error("Can NOT build PVP metadata configuration.", e);
+ throw new RuntimeException("Can NOT build PVP metadata configuration.");
+
+ }
+
+ }
+
+ @Override
+ public String getEntityFriendlyName() {
+ return null;
+
+ }
+
+ @Override
+ public List<ContactPerson> getContactPersonInformation() {
+ try {
+ return pvpBasicConfig.getIDPContacts();
+
+ } catch (EAAFException e) {
+ log.error("Can NOT build PVP metadata configuration.", e);
+ throw new RuntimeException("Can NOT build PVP metadata configuration.");
+
+ }
+
+ }
+
+ @Override
+ public Organization getOrgansiationInformation() {
+ try {
+ return pvpBasicConfig.getIDPOrganisation();
+
+ } catch (EAAFException e) {
+ log.error("Can NOT build PVP metadata configuration.", e);
+ throw new RuntimeException("Can NOT build PVP metadata configuration.");
+
+ }
+ }
+
+ @Override
+ public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException {
+ return pvpIDPCredentials.getIDPMetaDataSigningCredential();
+
+ }
+
+ @Override
+ public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException {
+ return pvpIDPCredentials.getIDPAssertionSigningCredential();
+
+ }
+
+ @Override
+ public Credential getEncryptionCredentials() throws CredentialsNotAvailableException {
+ return null;
+
+
+ }
+
+ @Override
+ public String getIDPWebSSOPostBindingURL() {
+ try {
+ return pvpBasicConfig.getIDPSSOPostService(authUrl);
+
+ } catch (EAAFException e) {
+ log.error("Can NOT build PVP metadata configuration.", e);
+ throw new RuntimeException("Can NOT build PVP metadata configuration.");
+
+ }
+
+ }
+
+ @Override
+ public String getIDPWebSSORedirectBindingURL() {
+ try {
+ return pvpBasicConfig.getIDPSSORedirectService(authUrl);
+
+ } catch (EAAFException e) {
+ log.error("Can NOT build PVP metadata configuration.", e);
+ throw new RuntimeException("Can NOT build PVP metadata configuration.");
+
+ }
+ }
+
+ @Override
+ public String getIDPSLOPostBindingURL() {
+ return null;
+
+ }
+
+ @Override
+ public String getIDPSLORedirectBindingURL() {
+ return null;
+
+ }
+
+ @Override
+ public String getSPAssertionConsumerServicePostBindingURL() {
+ return null;
+
+ }
+
+ @Override
+ public String getSPAssertionConsumerServiceRedirectBindingURL() {
+ return null;
+
+ }
+
+ @Override
+ public String getSPSLOPostBindingURL() {
+ return null;
+
+ }
+
+ @Override
+ public String getSPSLORedirectBindingURL() {
+ return null;
+
+ }
+
+ @Override
+ public String getSPSLOSOAPBindingURL() {
+ return null;
+
+ }
+
+ @Override
+ public List<Attribute> getIDPPossibleAttributes() {
+ return PVPAttributeBuilder.buildSupportedEmptyAttributes();
+
+ }
+
+ @Override
+ public List<String> getIDPPossibleNameITTypes() {
+ return Arrays.asList(NameIDType.PERSISTENT,
+ NameIDType.TRANSIENT,
+ NameIDType.UNSPECIFIED);
+ }
+
+ @Override
+ public List<RequestedAttribute> getSPRequiredAttributes() {
+ return null;
+
+ }
+
+ @Override
+ public List<String> getSPAllowedNameITTypes() {
+ return null;
+
+ }
+
+ @Override
+ public boolean wantAssertionSigned() {
+ return false;
+
+ }
+
+ @Override
+ public boolean wantAuthnRequestSigned() {
+ return true;
+
+ }
+
+}
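Review bot: The catch blocks in getEntityID, getContactPersonInformation, getOrgansiationInformation, getIDPWebSSOPostBindingURL and getIDPWebSSORedirectBindingURL (lines 298-300, 317-319, 330-332, 361-363, 374-376) rethrow `new RuntimeException("Can NOT build PVP metadata configuration.")` without the cause, so the original EAAFException survives only in the log; pass it on as `throw new RuntimeException("Can NOT build PVP metadata configuration.", e);`. getMetadataValidUntil at line 269 applies `Integer.valueOf` to a raw configuration string, so a malformed PROP_CONFIG_PVP2_METADATA_VALIDITY value surfaces as an unhandled NumberFormatException during metadata generation rather than as a configuration error; catching it and rethrowing with the property name would make the failure diagnosable. The unit of the returned validity value is not stated anywhere in this file — a Javadoc sentence naming the unit, as defined by the IPVPMetadataBuilderConfiguration contract, would help (presumably hours or days; to be confirmed). getIDPPossibleNameITTypes returns an `Arrays.asList` view, which callers can modify in place; wrapping it in `Collections.unmodifiableList(...)` keeps the advertised NameID types fixed.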
diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/ServiceProviderConfiguration.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/ServiceProviderConfiguration.java
new file mode 100644
index 00000000..3d8a3bdd
--- /dev/null
+++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/config/ServiceProviderConfiguration.java
@@ -0,0 +1,105 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eidas.specific.connector.config;
+
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.idp.conf.SPConfigurationImpl;
+import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants;
+
+public class ServiceProviderConfiguration extends SPConfigurationImpl {
+ private static final long serialVersionUID = 1L;
+ private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class);
+
+ private String minimumLoA = EAAFConstants.EIDAS_QAA_HIGH;
+ private String bPKTargetIdentifier;
+
+ public ServiceProviderConfiguration(Map<String, String> spConfig, IConfiguration authConfig) {
+ super(spConfig, authConfig);
+
+ }
+
+ @Override
+ public boolean hasBaseIdInternalProcessingRestriction() {
+ return false;
+
+ }
+
+ @Override
+ public boolean hasBaseIdTransferRestriction() {
+ return isConfigurationValue(
+ MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION,
+ true);
+
+ }
+
+ @Override
+ public String getMinimumLevelOfAssurence() {
+ return minimumLoA;
+
+ }
+
+
+ @Override
+ public String getAreaSpecificTargetIdentifier() {
+ return bPKTargetIdentifier;
+ }
+
+
+ @Override
+ public String getFriendlyName() {
+ return getConfigurationValue(
+ MSeIDASNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME,
+ "NO FRIENDLYNAME SET");
+
+ }
+
+ /**
+ * Set the minimum level of eIDAS authentication for this SP
+ * <br>
+ * <b>Default:</b> http://eidas.europa.eu/LoA/high or
+ *
+ * @param minimumLoA eIDAS LoA URI
+ */
+
+ public void setMinimumLoA(String minimumLoA) {
+ this.minimumLoA = minimumLoA;
+ }
+
+
+ /**
+ * Set the bPK Target for this service provider
+ *
+ * @param bPKTargetIdentifier
+ * @throws EAAFException If the bPKTargetIdentifier is NOT ALLOWED for this service provider
+ */
+ public void setbPKTargetIdentifier(String bPKTargetIdentifier) throws EAAFException {
+ String allowedTargetIdentifierRegExPattern = getConfigurationValue(
+ MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS,
+ MSeIDASNodeConstants.POLICY_DEFAULT_ALLOWED_TARGETS);
+ log.trace("Use bPK-target regex pattern: " + allowedTargetIdentifierRegExPattern);
+
+ Pattern p = Pattern.compile(allowedTargetIdentifierRegExPattern);
+ Matcher m = p.matcher(bPKTargetIdentifier);
+ if (m.matches()) {
+ log.debug("Requested bPK-target: " + bPKTargetIdentifier + " matches regex pattern");
+ this.bPKTargetIdentifier = bPKTargetIdentifier;
+
+ } else {
+ log.warn("Requested bPK-target: " + bPKTargetIdentifier + " does NOT match regex pattern.");
+ throw new EAAFException("TODO", new Object[] {bPKTargetIdentifier},
+ "Requested bPK-target: " + bPKTargetIdentifier + " does NOT match regex pattern.");
+
+ }
+
+ }
+
+}
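Review bot: setbPKTargetIdentifier at lines 556-557 calls `p.matcher(bPKTargetIdentifier)` before any null check, so a missing target identifier fails with a NullPointerException instead of the documented EAAFException, and the exception thrown at line 564 carries the placeholder error code `"TODO"`, which will reach error handling and logs as-is. Guard the input first with the real code constant, e.g. `if (bPKTargetIdentifier == null) throw new EAAFException("<error-code>", new Object[] {bPKTargetIdentifier}, "Requested bPK-target is missing");`, and replace the `"TODO"` literal with that same constant. `Pattern.compile` at line 556 runs on every call and throws PatternSyntaxException if PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS is misconfigured; compiling once per configuration value and reporting a syntax error explicitly as a configuration problem would give operators a clear message rather than a stack trace from the policy check. The Javadoc on setMinimumLoA (line 534) ends in a dangling `or` — complete or drop it — and the default of EAAFConstants.EIDAS_QAA_HIGH at line 488 deserves a one-line comment stating that it is the strict default which the setter may lower.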