| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2021-01-20 15:38:49 +0100 | 
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2021-01-20 15:38:49 +0100 | 
| commit | 285dc40bf344433514c10c4bfad7cbd864550311 (patch) | |
| tree | b6086edb423abb9ecf9125ded79eaebcdb0a9376 /eidas_modules/authmodule-eIDAS-v2/src/main/java | |
| parent | c77fcb3e75da79647f099216c3478ecdf219a120 (diff) | |
| parent | 2fabf6cfdc78fceac1302d45c88d08214fe4e9e3 (diff) | |
| download | National_eIDAS_Gateway-285dc40bf344433514c10c4bfad7cbd864550311.tar.gz National_eIDAS_Gateway-285dc40bf344433514c10c4bfad7cbd864550311.tar.bz2 National_eIDAS_Gateway-285dc40bf344433514c10c4bfad7cbd864550311.zip | |
Merge branch 'feature/requesterId_and_lu' into 'nightlybuild'
Feature/requester id and lu
See merge request egiz/eidas_at_proxy!8
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java')
3 files changed, 153 insertions, 54 deletions
| diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index cdc17654..c175d999 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java 
@@ -56,15 +56,21 @@ public class Constants {        CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural";    public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION =        CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation"; +   +  public static final String CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION = +      CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm"; +  public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX = +      CONIG_PROPS_EIDAS_NODE + ".requesterId.lu.useStaticRequesterForAll"; +      public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME = -      CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName"; +      CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName";      public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER =        CONIG_PROPS_EIDAS_NODE + ".workarounds.useRequestIdAsTransactionIdentifier"; -  public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = -      CONIG_PROPS_EIDAS_NODE + ".workarounds.useStaticProviderNameForPublicSPs"; +   +      public static final String CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = CONIG_PROPS_EIDAS_NODE        + ".staticProviderNameForPublicSPs"; -  public static final String DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = "ERnP"; +  public static final String DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = "Austria";    public static final String FORWARD_METHOD_POST = "POST";    public static final String FORWARD_METHOD_GET = "GET"; 
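Review bot: Dropping `CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP` means a deployment that still sets `...workarounds.useStaticProviderNameForPublicSPs` in its properties gets no signal that the key is now ignored, and the same hunk changes the default public-sector ProviderName from `"ERnP"` to `"Austria"`, so the value sent to foreign eIDAS nodes changes for every deployment that relied on the default. Both are configuration-visible behaviour changes that the constants themselves do not explain; I would document the default on the constant, e.g. `/** Default ProviderName (and RequesterId for LU) used when no SP-specific name is available; previously "ERnP". */`, and consider a startup warning when the removed key is still present. The two new keys `requesterId.useHashedForm` and `requesterId.lu.useStaticRequesterForAll` also carry no comment stating their meaning or that the code reading them defaults both to `true`.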
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java index 42dbfeac..90be9a7a 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java @@ -23,6 +23,10 @@  package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; +import java.nio.charset.StandardCharsets; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Base64;  import java.util.Map;  import java.util.regex.Matcher;  import java.util.regex.Pattern; @@ -66,7 +70,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {    public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) {      buildLevelOfAssurance(pendingReq.getServiceProviderConfiguration(), authnRequestBuilder); -    buildProviderNameAttribute(pendingReq, authnRequestBuilder); +    buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder);      buildRequestedAttributes(authnRequestBuilder);    } 
@@ -272,6 +276,83 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {    } +  /** +   * Set ProviderName and RequestId into eIDAS AuthnRequest. +   *  +   * @param pendingReq Current pendingRequest +   * @param authnRequestBuilder AuthnREquest builer +   */ +  protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) { +    final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + +    // set correct SPType for requested target sector +    final String publicSectorTargetSelector = basicConfig.getBasicConfiguration( +        Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS, +        Constants.POLICY_DEFAULT_ALLOWED_TARGETS); +    final Pattern p = Pattern.compile(publicSectorTargetSelector); +    final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier()); +    if (m.matches()) { +      log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'"); +      authnRequestBuilder.spType(SpType.PUBLIC.getValue()); + +      final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); +      if (basicConfig.getBasicConfigurationBoolean( +              Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, +              false)) { +        //TODO: only for eIDAS ref. 
node 2.0 and 2.1 because it need 'Providername' for +        if (StringUtils.isNotEmpty(providerName)) { +          log.debug("Set 'providername' to: {}", providerName); +          authnRequestBuilder.providerName(providerName);   +           +        } else { +          authnRequestBuilder.providerName(basicConfig.getBasicConfiguration( +              Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, +              Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP)); +           +        }                  +      } + +    } else { +      log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'"); +      authnRequestBuilder.spType(SpType.PRIVATE.getValue()); + +      // TODO: switch to RequesterId in further version +      // set provider name for private sector applications +      final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); +      if (StringUtils.isNotEmpty(providerName)) { +        authnRequestBuilder.providerName(providerName); +                       +      } +       +      authnRequestBuilder.requesterId( +          generateRequesterId(pendingReq.getRawData(Constants.DATA_REQUESTERID, String.class))); +             +    } +  } +   +  private String generateRequesterId(String requesterId) { +    if (requesterId != null && basicConfig.getBasicConfigurationBoolean( +        Constants.CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION, true)) {             +      try { +        log.trace("Building hashed 'requesterId' for private SP ... 
"); +        MessageDigest digest = MessageDigest.getInstance("SHA-256"); +        String encodedRequesterId = Base64.getEncoder().encodeToString( +            digest.digest(requesterId.getBytes(StandardCharsets.UTF_8)));                 +        log.debug("Set 'requesterId' for: {} to: {}", requesterId, encodedRequesterId); +        return encodedRequesterId; +         +      } catch (NoSuchAlgorithmException e) { +        log.error("Can NOT generate hashed 'requesterId' from: {}. Use it as it is", requesterId, e); +         +      } +             +    } +     +    return requesterId; +     +  } + +    private void buildRequestedAttributes(Builder authnRequestBuilder) {      // build and add requested attribute set      final Map<String, Boolean> ccSpecificReqAttr = getCountrySpecificRequestedAttributes(); 
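Review bot: `generateRequesterId` fails open: when `useHashedForm` is enabled and `MessageDigest.getInstance("SHA-256")` throws, the catch block logs and returns the raw `requesterId`, so the un-hashed SP identifier is sent to the foreign node even though the configuration asked for the hashed form. SHA-256 is a mandatory JCA algorithm, so this branch is practically unreachable, which is exactly why it should not silently downgrade; replace the fallback with `throw new IllegalStateException("SHA-256 MessageDigest not available", e);`. Separately, the private-sector branch now calls `authnRequestBuilder.requesterId(...)` unconditionally and `generateRequesterId(null)` returns `null`, so a pending request without `DATA_REQUESTERID` yields a LightRequest with a null RequesterID; whether the builder or the receiving node tolerates that is not visible here, so at least a `log.warn` when `requesterId == null` seems warranted. The hashed value is standard Base64 (containing `+`, `/` and `=`), which may not be acceptable if the receiving side validates RequesterID as a URI — worth confirming against the eIDAS node version in use. The new comment `//TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for` is cut off mid-sentence; the removed version continued with `// any SPType`.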
@@ -308,55 +389,6 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {      return builder.build();    } - -  private void buildProviderNameAttribute(IRequest pendingReq, Builder authnRequestBuilder) { -    final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); - -    // set correct SPType for requested target sector -    final String publicSectorTargetSelector = basicConfig.getBasicConfiguration( -        Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS, -        Constants.POLICY_DEFAULT_ALLOWED_TARGETS); -    final Pattern p = Pattern.compile(publicSectorTargetSelector); -    final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier()); -    if (m.matches()) { -      log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'"); -      authnRequestBuilder.spType(SpType.PUBLIC.getValue()); - -      if (basicConfig.getBasicConfigurationBoolean( -          Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, -          true)) { -        authnRequestBuilder.providerName(basicConfig.getBasicConfiguration( -            Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, -            Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP)); - -      } else { -        // TODO: only for eIDAS ref. 
node 2.0 and 2.1 because it need 'Providername' for -        // any SPType -        final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); -        if (StringUtils.isNotEmpty(providerName) -            && basicConfig.getBasicConfigurationBoolean( -                Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, -                false)) { -          authnRequestBuilder.providerName(providerName); - -        } -      } - -    } else { -      log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'"); -      authnRequestBuilder.spType(SpType.PRIVATE.getValue()); - -      // TODO: switch to RequesterId in further version -      // set provider name for private sector applications -      final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); -      if (StringUtils.isNotEmpty(providerName)) { -        authnRequestBuilder.providerName(providerName); -        authnRequestBuilder.requesterId(providerName); -         -      } - -    } -  }    private void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {      // TODO: set matching mode if eIDAS ref. impl. support this method diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java new file mode 100644 index 00000000..8402457f --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java 
@@ -0,0 +1,61 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import java.util.HashMap; +import java.util.Map; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.api.IRequest; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; +import lombok.Getter; +import lombok.Setter; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class LuEidProcessor extends AbstractEidProcessor { + +   +   +  private static final String canHandleCC = "LU"; + +  @Getter +  @Setter +  private int priority = 1; +   +  @Override +  public String getName() { +    return "LU-PostProcessor"; +     +  } + +  @Override +  public boolean canHandle(String countryCode) { +    return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC); +     +  } + +  @Override +  protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) { +    super.buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder);     +    if (basicConfig.getBasicConfigurationBoolean( +        Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX, true)) {       +      String staticName = basicConfig.getBasicConfiguration( +          Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, +          Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP);                 +      authnRequestBuilder.providerName(staticName); +      authnRequestBuilder.requesterId(staticName); +      log.debug("Use static name: {} as 'providerName' and 'RequesterId' for all 'LU' requests ", staticName); +                  +    } else {  +      log.info("Static 'providerName' and 'RequesterId' for country: LU is deactivated"); +       +    } +     +  } +   +  @Override +  protected Map<String, Boolean> getCountrySpecificRequestedAttributes() { +    return new HashMap<>(); +     +  } + +} | 
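Review bot: `buildProviderNameAndRequesterIdAttribute` in `LuEidProcessor` overwrites both `providerName` and `requesterId` with the static public-sector name after calling `super`, for every LU request regardless of whether the SP was mapped to `PrivateSector`, so the hashed per-SP RequesterID computed by the base class (and the `requesterId.useHashedForm` setting) has no effect for LU. Because `CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX` defaults to `true`, this applies to every deployment that does not explicitly opt out, and nothing in the class says why LU needs it. A class-level Javadoc is needed: a short paragraph stating that the LU node is sent one static ProviderName/RequesterID for all SPs including private-sector ones, that this replaces the value set by `AbstractEidProcessor`, and which property disables the workaround. Minor style: `canHandleCC` is a `private static final` constant and should be `CAN_HANDLE_CC`, and `getName()` returning `"LU-PostProcessor"` is misleading for a class that only overrides the pre-processing step.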
