aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main/java
diff options
context:
space:
mode:
authorAlexander Marsalek <amarsalek@iaik.tugraz.at>2021-01-18 10:57:38 +0100
committerAlexander Marsalek <amarsalek@iaik.tugraz.at>2021-01-18 12:04:52 +0100
commit9afa8f094712729b4486a408e12f4ab3027938b4 (patch)
tree3adbbf5d892452ea8b82404f28e95fdadd34ece8 /eidas_modules/authmodule-eIDAS-v2/src/main/java
parent09751b59f7e2da247c32324826607e5f1eef0f10 (diff)
parent68e9725d024ccef7b618f462dee5648ca288bdc0 (diff)
downloadNational_eIDAS_Gateway-9afa8f094712729b4486a408e12f4ab3027938b4.tar.gz
National_eIDAS_Gateway-9afa8f094712729b4486a408e12f4ab3027938b4.tar.bz2
National_eIDAS_Gateway-9afa8f094712729b4486a408e12f4ab3027938b4.zip
Merge branch 'base' into issue6
# Conflicts: # eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java # eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java # eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java # eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java # eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java # eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java # eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java # eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml # eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml # eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java # eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java12
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/EidasPersonalIdStoreDao.java158
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java1
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java54
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java69
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java59
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java49
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java4
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java118
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java6
13 files changed, 228 insertions, 316 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 15057600..8a1a63f5 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -35,6 +35,7 @@ public class Constants {
public static final String DATA_RESULT_MATCHING_BPK = "matching-result-bpk";
public static final String DATA_SIMPLE_EIDAS = "simple_eidas_data";
+
// templates for post-binding forwarding
public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html";
public static final String TEMPLATE_POST_FORWARD_ENDPOINT = "endPoint";
@@ -53,11 +54,11 @@ public class Constants {
public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD = CONIG_PROPS_EIDAS_NODE
+ ".forward.method";
public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_DEFAULT_ONLYNATURAL =
- CONIG_PROPS_EIDAS_NODE + ".attributes.requested.onlynatural.";
+ CONIG_PROPS_EIDAS_NODE + ".attributes.requested.onlynatural";
public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_CC_SPECIFIC_ONLYNATURAL =
- CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural.";
+ CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural";
public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION =
- CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation.";
+ CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation";
public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME =
CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName";
public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER =
@@ -78,6 +79,8 @@ public class Constants {
+ ".debug.logfullmessages";
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY = CONIG_PROPS_EIDAS_SZRCLIENT
+ ".debug.useDummySolution";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SET_MDS_TO_EIDASBIND = CONIG_PROPS_EIDAS_SZRCLIENT
+ + ".eidasbind.mds.inject";
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION = CONIG_PROPS_EIDAS_SZRCLIENT
+ ".timeout.connection";
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE = CONIG_PROPS_EIDAS_SZRCLIENT
@@ -144,6 +147,9 @@ public class Constants {
public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier";
public static final String eIDAS_ATTR_LEGALNAME = "LegalName";
+ public static final String eIDAS_REQ_PARAM_SECTOR_PUBLIC = "public";
+ public static final String eIDAS_REQ_PARAM_SECTOR_PRIVATE = "private";
+
public static final String POLICY_DEFAULT_ALLOWED_TARGETS =
EaafConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", "\\\\+") + ".*";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java
index e9302f6d..d3cac80c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java
@@ -47,7 +47,7 @@ import eu.eidas.auth.commons.EidasParameterKeys;
import eu.eidas.auth.commons.light.ILightResponse;
import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
-import eu.eidas.specificcommunication.protocol.impl.SpecificConnectorCommunicationServiceImpl;
+import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
/**
* Controler implementation for eIDAS Node communication.
@@ -108,8 +108,8 @@ public class EidasSignalServlet extends AbstractProcessEngineSignalController {
}
log.trace("Receive eIDAS-node token: " + tokenBase64 + " Starting transaction-restore process ... ");
- final SpecificConnectorCommunicationServiceImpl specificConnectorCommunicationService =
- (SpecificConnectorCommunicationServiceImpl) context.getBean(
+ final SpecificCommunicationService specificConnectorCommunicationService =
+ (SpecificCommunicationService) context.getBean(
SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString());
final ILightResponse eidasResponse = specificConnectorCommunicationService.getAndRemoveResponse(
tokenBase64,
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/EidasPersonalIdStoreDao.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/EidasPersonalIdStoreDao.java
deleted file mode 100644
index c7acdb15..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/EidasPersonalIdStoreDao.java
+++ /dev/null
@@ -1,158 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Iterator;
-import java.util.List;
-
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-
-@Deprecated
-public class EidasPersonalIdStoreDao {
- public static final String NAME = "foreigneIDMap";
-
- // Enum with all cols of this table
- public enum Cols {
- timestamp, transactionId, eidasId, eidasSourceCountry, eidasDestinationCountry, ernbId
- }
-
- public enum T {
- ID("INTEGER"),
- BIGINT("VARCHAR(265)"),
- URI("VARCHAR(256)"),
- DATE("Long"),
- TEXT("TEXT"),
- Long("BIGINT"),
- Int("INTEGER"),
- BLOB("BLOB"),
- CC("CHAR(2)"),
- BOOL("INTEGER");
-
- private final String type;
-
- T(String el) {
- type = el;
- }
-
- @Override
- public String toString() {
- return type;
- }
- }
-
- // define Cols of the table
- public static final List<Pair<String, T>> TABLE_COLS;
-
- static {
- final List<Pair<String, T>> cols = new ArrayList<>();
- cols.add(Pair.newInstance(Cols.timestamp.name(), T.DATE));
- cols.add(Pair.newInstance(Cols.transactionId.name(), T.TEXT));
- cols.add(Pair.newInstance(Cols.eidasId.name(), T.TEXT));
- cols.add(Pair.newInstance(Cols.eidasSourceCountry.name(), T.CC));
- cols.add(Pair.newInstance(Cols.eidasDestinationCountry.name(), T.CC));
- cols.add(Pair.newInstance(Cols.ernbId.name(), T.TEXT));
-
- TABLE_COLS = Collections.unmodifiableList(cols);
-
- }
-
- public static final String CREATE = "CREATE TABLE " + NAME
- + " (" + "id" + " " + T.ID.toString()
- + " PRIMARY KEY AUTOINCREMENT, " + buildCreateTableQuery(TABLE_COLS) + ")";
-
- public static final String INSERT = "INSERT INTO " + NAME
- + "(" + buildInsertQueryKeys(TABLE_COLS) + ")"
- + " VALUES (" + buildInsertQueryValues(TABLE_COLS) + ");";
-
- public static final String SELECT_BY_ERNB_ID = "SELECT * FROM " + NAME
- + " WHERE " + Cols.ernbId.name() + "=?;";
-
- public static final String SELECT_BY_EIDAS_RAW_ID = "SELECT * FROM " + NAME
- + " WHERE " + Cols.eidasId.name() + "=?"
- + " and " + Cols.eidasSourceCountry.name() + "=?" + ";";
-
- /**
- * Build a part of a SQL query, which contains the cols of a table that should
- * be created.
- *
- * @param cols List of DB col definitions {@link Pair}
- * @return Part of a SQL query, which contains cols that should be created
- */
- private static String buildCreateTableQuery(List<Pair<String, T>> cols) {
- StringBuffer buf = new StringBuffer();
- for (final Pair<String, T> el : cols) {
- buf.append(el.getFirst());
- buf.append(" ");
- buf.append(el.getSecond());
- buf.append(",");
-
- }
- String sql = buf.toString();
- return sql.substring(0, sql.length() - 1);
-
- }
-
- /**
- * Build a part of a SQL query, which contains the cols keys of a table for
- * insert operation.
- *
- * @param cols List of DB col definitions {@link Pair}
- * @return Part of a SQL query, which contains cols that should be created
- */
- protected static String buildInsertQueryKeys(List<Pair<String, T>> cols) {
-
- StringBuffer buf = new StringBuffer();
- for (final Pair<String, T> el : cols) {
- buf.append(el.getFirst());
- buf.append(",");
-
- }
- String sql = buf.toString();
- return sql.substring(0, sql.length() - 1);
- }
-
- /**
- * Build a part of a SQL query, which contains the cols values of a table for
- * insert operation.
- *
- * @param cols List of DB col definitions {@link Pair}
- * @return Part of a SQL query, which contains cols that should be created
- */
- protected static String buildInsertQueryValues(List<Pair<String, T>> cols) {
-
- StringBuffer buf = new StringBuffer();
- Iterator<Pair<String, T>> it = cols.iterator();
- while (it.hasNext()) {
- buf.append("?,");
- it.next();
-
- }
-
- String sql = buf.toString();
- return sql.substring(0, sql.length() - 1);
- }
-
-}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java
index cb499ca5..2f82387f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java
@@ -42,4 +42,5 @@ public interface IErnpClient {
void update(RegisterResult registerResult, SimpleEidasData eidData);
boolean createNewEntry(SimpleEidasData simpleEidasData);
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
index e3c1e00f..734cf873 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
@@ -23,6 +23,19 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
+
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.commons.lang3.StringUtils;
+import org.joda.time.DateTime;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.lang.NonNull;
+
+import com.google.common.collect.ImmutableSortedSet;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
@@ -31,24 +44,15 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRe
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.impl.data.Triple;
-import com.google.common.collect.ImmutableSortedSet;
-import edu.umd.cs.findbugs.annotations.NonNull;
+
import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
import eu.eidas.auth.commons.protocol.eidas.SpType;
-import org.apache.commons.lang3.StringUtils;
-import org.joda.time.DateTime;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import java.util.Map;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
public abstract class AbstractEidProcessor implements INationalEidProcessor {
private static final Logger log = LoggerFactory.getLogger(AbstractEidProcessor.class);
@@ -61,10 +65,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
@Override
public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) {
+ buildLevelOfAssurance(pendingReq.getServiceProviderConfiguration(), authnRequestBuilder);
buildProviderNameAttribute(pendingReq, authnRequestBuilder);
buildRequestedAttributes(authnRequestBuilder);
}
+
@Override
public final ErnbEidData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException,
EidasAttributeException {
@@ -268,10 +274,36 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
if (StringUtils.isNotEmpty(providerName)) {
authnRequestBuilder.providerName(providerName);
+ authnRequestBuilder.requesterId(providerName);
+
}
}
+ }
+
+ private void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {
+ // TODO: set matching mode if eIDAS ref. impl. support this method
+
+ // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA
+ // schemes
+ String loa = EaafConstants.EIDAS_LOA_HIGH;
+ if (spConfig.getRequiredLoA() != null) {
+ if (spConfig.getRequiredLoA().isEmpty()) {
+ log.info("No eIDAS LoA requested. Use LoA HIGH as default");
+ } else {
+ if (spConfig.getRequiredLoA().size() > 1) {
+ log.info(
+ "Currently only ONE requested LoA is supported for service provider. Use first one ... ");
+ }
+
+ loa = spConfig.getRequiredLoA().get(0);
+
+ }
+ }
+ log.debug("Request eIdAS node with LoA: " + loa);
+ authnRequestBuilder.levelOfAssurance(loa);
+
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
index cfaecfbb..234d52dd 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
@@ -79,7 +79,8 @@ public class AuthBlockSigningService {
EidasAuchBlock authBlock = new EidasAuchBlock();
authBlock.setChallenge(UUID.randomUUID().toString());
authBlock.setTimestamp(LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS));
- authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));
+ authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));
+ authBlock.setPiiTransactionId(pendingReq.getUniquePiiTransactionIdentifier());
String jwsPayload = mapper.writeValueAsString(authBlock);
log.debug("Building and sign authBlock with data: {}", jwsPayload);
@@ -185,6 +186,9 @@ public class AuthBlockSigningService {
@JsonProperty("appId")
private String uniqueId;
+ @JsonProperty("piiTransactionId")
+ private String piiTransactionId;
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java
index 98c4c2de..e73491ab 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java
@@ -35,13 +35,13 @@ import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.lang.NonNull;
import org.springframework.stereotype.Service;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
-import edu.umd.cs.findbugs.annotations.NonNull;
import eu.eidas.auth.commons.attribute.AttributeRegistries;
import eu.eidas.auth.commons.attribute.AttributeRegistry;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
index 69b993a4..1f5837d6 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
@@ -45,6 +45,7 @@ import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
+import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Marshaller;
import javax.xml.namespace.QName;
@@ -58,8 +59,6 @@ import javax.xml.ws.BindingProvider;
import javax.xml.ws.Dispatch;
import javax.xml.ws.handler.Handler;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
@@ -75,9 +74,14 @@ import org.springframework.stereotype.Service;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.LoggingHandler;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
@@ -111,7 +115,8 @@ public class SzrClient {
private static final String KEY_BC_BIND = "bcBindReq";
private static final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype";
private static final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind";
-
+ public static final String ATTR_NAME_MDS = "urn:eidgvat:mds";
+
@Autowired
private IConfiguration basicConfig;
@@ -229,7 +234,7 @@ public class SzrClient {
final String resp;
try {
- resp = this.szr.getStammzahlEncrypted(personInfo, false);
+ resp = this.szr.getStammzahlEncrypted(personInfo, true);
} catch (SZRException_Exception e) {
throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e);
}
@@ -242,36 +247,38 @@ public class SzrClient {
}
-
/**
- * Signs content.
+ * Sign an eidasBind data-structure that combines vsz with user's pubKey and E-ID status.
*
- * @param vsz ? TODO
+ * @param vsz encryped baseId
* @param bindingPubKey binding PublikKey as PKCS1# (ASN.1) container
* @param eidStatus Status of the E-ID
+ * @param eidData eID information that was used for ERnP registration
* @return bPK for this person
* @throws SzrCommunicationException In case of a SZR error
*/
- public String getBcBind(final String vsz, final String bindingPubKey, final String eidStatus)
- throws SzrCommunicationException {
-
- final Map<String, Object> bcBindMap = new HashMap<>();
- bcBindMap.put(ATTR_NAME_VSZ, vsz);
- bcBindMap.put(ATTR_NAME_STATUS, eidStatus);
- bcBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey));
-
+ public String getEidsaBind(final String vsz, final String bindingPubKey, final String eidStatus,
+ ErnbEidData eidData)throws SzrCommunicationException {
+
+ final Map<String, Object> eidsaBindMap = new HashMap<>();
+ eidsaBindMap.put(ATTR_NAME_VSZ, vsz);
+ eidsaBindMap.put(ATTR_NAME_STATUS, eidStatus);
+ eidsaBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey));
+ eidsaBindMap.put(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, eidData.getCitizenCountryCode());
+ injectMdsIfAvailableAndActive(eidsaBindMap, eidData);
+
try {
- final String serializedBcBind = mapper.writeValueAsString(bcBindMap);
+ final String serializedEidasBind = mapper.writeValueAsString(eidsaBindMap);
final SignContent req = new SignContent();
- final SignContentEntry bcBindInfo = new SignContentEntry();
- bcBindInfo.setKey(KEY_BC_BIND);
- bcBindInfo.setValue(serializedBcBind);
- req.getIn().add(bcBindInfo);
+ final SignContentEntry eidasBindInfo = new SignContentEntry();
+ eidasBindInfo.setKey(KEY_BC_BIND);
+ eidasBindInfo.setValue(serializedEidasBind);
+ req.getIn().add(eidasBindInfo);
req.setAppendCert(false);
- final JwsHeaderParam bcBindJoseHeader = new JwsHeaderParam();
- bcBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE);
- bcBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND);
- req.getJWSHeaderParam().add(bcBindJoseHeader);
+ final JwsHeaderParam eidasBindJoseHeader = new JwsHeaderParam();
+ eidasBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE);
+ eidasBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND);
+ req.getJWSHeaderParam().add(eidasBindJoseHeader);
log.trace("Requesting SZR to sign bcBind datastructure ... ");
final SignContentResponseType resp = szr.signContent(req.isAppendCert(), req.getJWSHeaderParam(), req.getIn());
@@ -486,8 +493,22 @@ public class SzrClient {
}
+ private void injectMdsIfAvailableAndActive(Map<String, Object> eidsaBindMap, ErnbEidData eidData) {
+ if (basicConfig.getBasicConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SET_MDS_TO_EIDASBIND, false)) {
+ log.info("Injecting MDS into eidasBind ... ");
+ final Map<String, Object> mds = new HashMap<>();
+ mds.put(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, eidData.getFamilyName());
+ mds.put(PvpAttributeDefinitions.GIVEN_NAME_NAME, eidData.getGivenName());
+ mds.put(PvpAttributeDefinitions.BIRTHDATE_NAME, eidData.getFormatedDateOfBirth());
+ eidsaBindMap.put(ATTR_NAME_MDS, mds);
+
+ }
+ }
+
private byte[] sourceToByteArray(Source result) throws TransformerException {
final TransformerFactory factory = TransformerFactory.newInstance();
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
final Transformer transformer = factory.newTransformer();
transformer.setOutputProperty("omit-xml-declaration", "yes");
transformer.setOutputProperty("method", "xml");
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index f9142f8e..b519354c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -150,38 +150,40 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
// get encrypted baseId
String vsz = szrClient.getEncryptedStammzahl(personInfo);
-
+
+ //write revision-Log entry and extended infos personal-identifier mapping
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED);
+ writeExtendedRevisionLogEntry(simpleAttrMap, eidData);
+
+
// get eIDAS bind
- String signedEidasBind = szrClient.getBcBind(vsz,
+ String signedEidasBind = szrClient.getEidsaBind(vsz,
authBlockSigner.getBase64EncodedPublicKey(),
- EID_STATUS);
-
+ EID_STATUS, eidData);
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED);
+ authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
+
//get signed AuthBlock
String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq);
-
- //inject personal-data into session
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.TECH_AUCHBLOCK_CREATED);
authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
- authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
+
+ //inject personal-data into session
+ authProcessData.setEidProcess(true);
} else {
//request SZR
SzrResultHolder idlResult = requestSzrForIdentityLink(personInfo);
- // write ERnB input-data into revision-log
- if (basicConfig.getBasicConfigurationBoolean(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) {
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID,
- (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym());
-
- }
+ //write revision-Log entry for personal-identifier mapping
+ writeExtendedRevisionLogEntry(simpleAttrMap, eidData);
//check result-data and write revision-log based on current state
checkStateAndWriteRevisionLog(idlResult);
-
//inject personal-data into session
authProcessData.setIdentityLink(idlResult.getIdentityLink());
+ authProcessData.setEidProcess(false);
// set bPK and bPKType into auth session
authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix(
@@ -217,6 +219,17 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
+ private void writeExtendedRevisionLogEntry(Map<String, Object> simpleAttrMap, ErnbEidData eidData) {
+ // write ERnB input-data into revision-log
+ if (basicConfig.getBasicConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) {
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID,
+ (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym());
+
+ }
+ }
+
private PersonInfoType generateSzrRequest(ErnbEidData eidData) {
log.debug("Starting connecting SZR Gateway");
final PersonInfoType personInfo = new PersonInfoType();
@@ -279,14 +292,18 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink();
// get bPK from SZR
- String bpk;
+ String bpk = null;
if (basicConfig
.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
- bpk = szrClient
+ List<String> bpkList = szrClient
.getBpk(personInfo, pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
basicConfig
- .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"))
- .get(0);
+ .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"));
+ if (!bpkList.isEmpty()) {
+ bpk = bpkList.get(0);
+
+ }
+
} else {
log.debug("Calculating bPK from baseId ... ");
@@ -380,7 +397,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
} else {
final List<String> natPersonIdObj = EidasResponseUtils
- .translateStringListAttribute(el, attributeMap.get(el).asList());
+ .translateStringListAttribute(el, attributeMap.get(el));
final String stringAttr = natPersonIdObj.get(0);
if (StringUtils.isNotEmpty(stringAttr)) {
result.put(el.getFriendlyName(), stringAttr);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
index 0b6e9ee8..92f58877 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
@@ -41,10 +41,8 @@ import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
@@ -87,9 +85,6 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
throws TaskExecutionException {
try {
- // get service-provider configuration
- final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
-
// get target, environment and validate citizen countryCode
final String citizenCountryCode = (String) executionContext.get(
MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY);
@@ -110,6 +105,13 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
final LightRequest.Builder authnRequestBuilder = LightRequest.builder();
authnRequestBuilder.id(UUID.randomUUID().toString());
+ // set nameIDFormat
+ authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);
+
+ // set citizen country code for foreign uses
+ authnRequestBuilder.citizenCountryCode(citizenCountryCode);
+
+ //set Issuer
final String issur = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_ENTITYID);
if (StringUtils.isEmpty(issur)) {
log.error("Found NO 'eIDAS node issuer' in configuration. Authentication NOT possible!");
@@ -119,42 +121,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
}
authnRequestBuilder.issuer(issur);
- // TODO: set matching mode if eIDAS ref. impl. support this method
-
- // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA
- // schemes
- String loa = EaafConstants.EIDAS_LOA_HIGH;
- if (spConfig.getRequiredLoA() != null) {
- if (spConfig.getRequiredLoA().isEmpty()) {
- log.info("No eIDAS LoA requested. Use LoA HIGH as default");
- } else {
- if (spConfig.getRequiredLoA().size() > 1) {
- log.info(
- "Currently only ONE requested LoA is supported for service provider. Use first one ... ");
- }
-
- loa = spConfig.getRequiredLoA().get(0);
-
- }
- }
-
- log.debug("Request eIdAS node with LoA: " + loa);
- authnRequestBuilder.levelOfAssurance(loa);
-
- // set nameIDFormat
- authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);
-
- // set citizen country code for foreign uses
- authnRequestBuilder.citizenCountryCode(citizenCountryCode);
-
- // set relay state
- /*
- * TODO: SecureToken PendingRequestId generates a validation exception in
- * eIDASNode because eIDASNode implements limit on size for RelayState
- * (80characaters)
- */
- // authnRequestBuilder.relayState(pendingReq.getPendingRequestId());
-
+
// Add country-specific informations into eIDAS request
ccSpecificProcessing.preProcess(citizenCountryCode, pendingReq, authnRequestBuilder);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
index 34e258ca..9e5b4d67 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
@@ -296,7 +296,7 @@ public class InitialSearchTask extends AbstractAuthServletTask {
}
} else {
final List<String> natPersonIdObj = EidasResponseUtils
- .translateStringListAttribute(el, attributeMap.get(el).asList());
+ .translateStringListAttribute(el, attributeMap.get(el));
final String stringAttr = natPersonIdObj.get(0);
if (StringUtils.isNotEmpty(stringAttr)) {
result.put(el.getFriendlyName(), stringAttr);
@@ -309,4 +309,4 @@ public class InitialSearchTask extends AbstractAuthServletTask {
log.debug("Receive #" + result.size() + " attributes with names: " + result.keySet().toString());
return result;
}
-}
+} \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java
index aafcd8b9..ef8822aa 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java
@@ -19,7 +19,7 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
-*/
+ */
package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils;
@@ -28,6 +28,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttribute
import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
import at.gv.egiz.eaaf.core.impl.data.Triple;
import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.AttributeValue;
import eu.eidas.auth.commons.attribute.AttributeValueMarshaller;
@@ -57,7 +58,7 @@ public class EidasResponseUtils {
*
* @param uniqueID eIDAS attribute value of a unique identifier
* @return true if the uniqueID matches to eIDAS to Unique Identifier
- * specification, otherwise false
+ * specification, otherwise false
*/
public static boolean validateEidasPersonalIdentifier(String uniqueID) {
final Pattern pattern = Pattern.compile(PERSONALIDENIFIER_VALIDATION_PATTERN);
@@ -73,10 +74,10 @@ public class EidasResponseUtils {
*
* @param uniqueID eIDAS attribute value of a unique identifier
* @return {@link Triple} that contains: <br>
- * First : citizen country <br>
- * Second: destination country <br>
- * Third : unique identifier <br>
- * or null if the attribute value has a wrong format
+ * First : citizen country <br>
+ * Second: destination country <br>
+ * Third : unique identifier <br>
+ * or null if the attribute value has a wrong format
*/
public static Triple<String, String, String> parseEidasPersonalIdentifier(String uniqueID) {
if (!validateEidasPersonalIdentifier(uniqueID)) {
@@ -93,58 +94,79 @@ public class EidasResponseUtils {
* Get eIDAS attribute-values from eIDAS Node attributes.
*
* @param attributeDefinition eIDAS attribute definition
- * @param attributeValues Attributes from eIDAS response
- * @return Set of attribute values. If more then one value than the first value contains the 'Latin' value.
+ * @param attributeValues Attributes from eIDAS response
+ * @return Set of attribute values. If more then one value than the first value
+ * contains the 'Latin' value.
*/
// TODO: check possible problem with nonLatinCharacters
public static List<String> translateStringListAttribute(AttributeDefinition<?> attributeDefinition,
- ImmutableList<? extends AttributeValue<?>> attributeValues) {
+ @Nullable ImmutableSet<? extends AttributeValue<?>> attributeValues) {
final List<String> stringListAttribute = new ArrayList<>();
- final AttributeValueMarshaller<?> attributeValueMarshaller = attributeDefinition
- .getAttributeValueMarshaller();
- for (final AttributeValue<?> attributeValue : attributeValues) {
- String valueString = null;
- try {
- valueString = attributeValueMarshaller.marshal((AttributeValue) attributeValue);
-
- log.trace("Find attr: {} with value: {} nonLatinFlag: {} needTransliteration: {}",
- attributeDefinition.getFriendlyName(), attributeValue.toString(),
- attributeValue.isNonLatinScriptAlternateVersion(),
- AttributeValueTransliterator.needsTransliteration(valueString));
-
- // if (attributeValue.isNonLatinScriptAlternateVersion()) {
- if (!AttributeValueTransliterator.needsTransliteration(valueString)) {
- stringListAttribute.add(0, valueString);
-
- } else {
- log.trace("Find 'needsTransliteration' flag. Setting this value at last list element ... ");
- stringListAttribute.add(valueString);
+ if (attributeValues == null) {
+ log.info("Can not extract infos from 'null' attribute value");
- }
+ } else {
+ final AttributeValueMarshaller<?> attributeValueMarshaller =
+ attributeDefinition.getAttributeValueMarshaller();
+ for (final AttributeValue<?> attributeValue : attributeValues) {
+ String valueString = null;
+ try {
+ valueString = attributeValueMarshaller.marshal((AttributeValue) attributeValue);
+
+ log.trace("Find attr: {} with value: {} nonLatinFlag: {} needTransliteration: {}",
+ attributeDefinition.getFriendlyName(), attributeValue.toString(),
+ attributeValue.isNonLatinScriptAlternateVersion(),
+ AttributeValueTransliterator.needsTransliteration(valueString));
+
+ // if (attributeValue.isNonLatinScriptAlternateVersion()) {
+ if (!AttributeValueTransliterator.needsTransliteration(valueString)) {
+ stringListAttribute.add(0, valueString);
+
+ } else {
+ log.trace("Find 'needsTransliteration' flag. Setting this value at last list element ... ");
+ stringListAttribute.add(valueString);
+
+ log.trace("Find attr: {} with value: {} nonLatinFlag: {} needTransliteration: {}",
+ attributeDefinition.getFriendlyName(), attributeValue.toString(),
+ attributeValue.isNonLatinScriptAlternateVersion(),
+ AttributeValueTransliterator.needsTransliteration(valueString));
+
+ // if (attributeValue.isNonLatinScriptAlternateVersion()) {
+ if (!AttributeValueTransliterator.needsTransliteration(valueString)) {
+ stringListAttribute.add(0, valueString);
+
+ } else {
+ log.trace("Find 'needsTransliteration' flag. Setting this value at last list element ... ");
+ stringListAttribute.add(valueString);
+
+ }
+ }
+ } catch (final AttributeValueMarshallingException e) {
+ throw new IllegalStateException(e);
- } catch (final AttributeValueMarshallingException e) {
- throw new IllegalStateException(e);
+ }
}
- }
+ log.trace("Extract values: {} for attr: {}",
+ StringUtils.join(stringListAttribute, ","), attributeDefinition.getFriendlyName());
- log.trace("Extract values: {} for attr: {}",
- StringUtils.join(stringListAttribute, ","), attributeDefinition.getFriendlyName());
+ }
return stringListAttribute;
}
+
/**
* Convert eIDAS DateTime attribute to Java Object.
*
* @param attributeDefinition eIDAS attribute definition.
- * @param attributeValues eIDAS attribute value
+ * @param attributeValues eIDAS attribute value
* @return
*/
@Nullable
public static DateTime translateDateAttribute(AttributeDefinition<?> attributeDefinition,
- ImmutableList<? extends AttributeValue<?>> attributeValues) {
+ ImmutableList<? extends AttributeValue<?>> attributeValues) {
if (attributeValues.size() != 0) {
final AttributeValue<?> firstAttributeValue = attributeValues.get(0);
return (DateTime) firstAttributeValue.getValue();
@@ -158,12 +180,12 @@ public class EidasResponseUtils {
* Concert eIDAS Address attribute to Java object.
*
* @param attributeDefinition eIDAS attribute definition
- * @param attributeValues eIDAS attribute value
+ * @param attributeValues eIDAS attribute value
* @return
*/
@Nullable
public static PostalAddress translateAddressAttribute(AttributeDefinition<?> attributeDefinition,
- ImmutableList<? extends AttributeValue<?>> attributeValues) {
+ ImmutableList<? extends AttributeValue<?>> attributeValues) {
final AttributeValue<?> firstAttributeValue = attributeValues.get(0);
return (PostalAddress) firstAttributeValue.getValue();
}
@@ -173,7 +195,7 @@ public class EidasResponseUtils {
*
* @param currentAddressObj eIDAS current address information
* @return current address or null if no attribute is available
- * @throws EidasAttributeException if eIDAS attribute is of a wrong type
+ * @throws EidasAttributeException if eIDAS attribute is of a wrong type
*/
public static PostalAddressType processAddress(Object currentAddressObj) throws EidasAttributeException {
if (currentAddressObj != null) {
@@ -198,7 +220,7 @@ public class EidasResponseUtils {
*
* @param birthNameObj eIDAS birthname information
* @return birthName or null if no attribute is available
- * @throws EidasAttributeException if eIDAS attribute is of a wrong type
+ * @throws EidasAttributeException if eIDAS attribute is of a wrong type
*/
public static String processBirthName(Object birthNameObj) throws EidasAttributeException {
if (birthNameObj != null) {
@@ -219,7 +241,7 @@ public class EidasResponseUtils {
*
* @param placeOfBirthObj eIDAS Place-of-Birth information
* @return place of Birth or null if no attribute is available
- * @throws EidasAttributeException if eIDAS attribute is of a wrong type
+ * @throws EidasAttributeException if eIDAS attribute is of a wrong type
*/
public static String processPlaceOfBirth(Object placeOfBirthObj) throws EidasAttributeException {
if (placeOfBirthObj != null) {
@@ -243,7 +265,7 @@ public class EidasResponseUtils {
*
* @param dateOfBirthObj eIDAS date-of-birth attribute information
* @return formated user's date-of-birth
- * @throws EidasAttributeException if NO attribute is available
+ * @throws EidasAttributeException if NO attribute is available
*/
public static DateTime processDateOfBirth(Object dateOfBirthObj) throws EidasAttributeException {
if (!(dateOfBirthObj instanceof DateTime)) {
@@ -257,7 +279,7 @@ public class EidasResponseUtils {
*
* @param dateOfBirthObj eIDAS date-of-birth attribute information
* @return formated user's date-of-birth as string
- * @throws EidasAttributeException if NO attribute is available
+ * @throws EidasAttributeException if NO attribute is available
*/
public static String processDateOfBirthToString(Object dateOfBirthObj) throws EidasAttributeException {
if (!(dateOfBirthObj instanceof DateTime)) {
@@ -271,7 +293,7 @@ public class EidasResponseUtils {
*
* @param givenNameObj eIDAS givenName attribute information
* @return formated user's givenname
- * @throws EidasAttributeException if NO attribute is available
+ * @throws EidasAttributeException if NO attribute is available
*/
public static String processGivenName(Object givenNameObj) throws EidasAttributeException {
if (!(givenNameObj instanceof String)) {
@@ -285,7 +307,7 @@ public class EidasResponseUtils {
*
* @param familyNameObj eIDAS familyName attribute information
* @return formated user's familyname
- * @throws EidasAttributeException if NO attribute is available
+ * @throws EidasAttributeException if NO attribute is available
*/
public static String processFamilyName(Object familyNameObj) throws EidasAttributeException {
if (!(familyNameObj instanceof String)) {
@@ -299,7 +321,7 @@ public class EidasResponseUtils {
*
* @param personalIdObj eIDAS PersonalIdentifierAttribute
* @return Unique personal identifier without country-code information
- * @throws EidasAttributeException if NO attribute is available
+ * @throws EidasAttributeException if NO attribute is available
*/
public static String processPseudonym(Object personalIdObj) throws EidasAttributeException {
if (!(personalIdObj instanceof String)) {
@@ -318,7 +340,7 @@ public class EidasResponseUtils {
*
* @param taxReferenceObj eIDAS TaxReference attribute information
* @return formated user's TaxReference
- * @throws EidasAttributeException if NO attribute is available
+ * @throws EidasAttributeException if NO attribute is available
*/
public static String processTaxReference(Object taxReferenceObj) throws EidasAttributeException {
if (!(taxReferenceObj instanceof String)) {
@@ -326,4 +348,4 @@ public class EidasResponseUtils {
}
return (String) taxReferenceObj;
}
-}
+} \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java
index 1836e87b..9d9a0647 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java
@@ -29,7 +29,7 @@ import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException;
@@ -98,8 +98,8 @@ public class EidasResponseValidator {
*/
final AttributeDefinition<?> attrDefinition = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
- final ImmutableList<? extends AttributeValue<?>> attributeValues = eidasResponse.getAttributes()
- .getAttributeMap().get(attrDefinition).asList();
+ final ImmutableSet<? extends AttributeValue<?>> attributeValues = eidasResponse.getAttributes()
+ .getAttributeMap().get(attrDefinition);
final List<String> personalIdObj = EidasResponseUtils.translateStringListAttribute(attrDefinition,
attributeValues);