author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2018-07-24 06:39:34 +0200 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2018-07-24 06:39:34 +0200 |
commit | 9b7b67ee1b3c00a3760e09c05fa9e65d4a4e80fa (patch) | |
tree | 05b83dd2396439737d30fb04f8b082a306cd5d02 /eidas_modules/authmodule-eIDAS-v2 | |
parent | b3e812dbac60546daff66fa0f6c53e42030921bb (diff) | |
Update countrySelectionProcess to support more than one eIDAS node for different production stages. This is required because eIDAS Ref. Impl. 2.0 and 2.1 support only one countryCode per instance.
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2')
3 files changed, 55 insertions, 10 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java index b1cd128f..beb3cce7 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java @@ -11,7 +11,6 @@ import at.gv.egiz.eaaf.core.api.data.EAAFConstants; public class Constants { - public static final String EXECUTIONCONTEXT_SELECTED_COUNTRY = "selectedCountry"; public static final String DATA_REQUESTERID = "req_requesterId"; public static final String DATA_PROVIDERNAME = "req_providerName"; public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java index fef9cbfa..c41559b8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java @@ -6,6 +6,7 @@ import org.apache.commons.lang3.StringUtils; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants; /** * @author tlenz 
@@ -33,8 +34,8 @@ public class eIDASAuthenticationModulImpl implements AuthModule { */ @Override public String selectProcess(ExecutionContext context) { - if (StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY)) || - StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY))) + if (StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)) || + StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY))) return "eIDASAuthentication_v2"; else return null; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java index d65ce72f..e9a7a190 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java @@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eidas.specific.connector.MSConnectorEventCodes; +import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants; import at.gv.egiz.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants; import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; 
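Review bot: Both operands of the `||` in `selectProcess` are the same expression, so the second `StringUtils.isNotBlank(...)` call can never change the result; the rename carried this duplication over from the old code unchanged. If a second context key was meant to be checked, it is still missing. Otherwise the condition should be reduced to `if (StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)))`. Because this check decides whether the eIDAS process is selected at all, a one-line comment naming which request parameter triggers it would help the next reader.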
@@ -70,9 +71,10 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //get service-provider configuration ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); - // get target and validate citizen countryCode - String citizenCountryCode = (String) executionContext.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY); - + // get target, environment and validate citizen countryCode + String citizenCountryCode = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY); + String environment = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT); + if (StringUtils.isEmpty(citizenCountryCode)) { // illegal state; task should not have been executed without a selected country throw new eIDASAuthenticationException("eidas.03", new Object[] { "" }); @@ -179,6 +181,18 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } + //select forward URL regarding the selected environment + String forwardURL = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL); + if (StringUtils.isNotEmpty(environment)) + forwardURL = selectedForwardURLForEnvironment(environment); + + if (StringUtils.isEmpty(forwardURL)) { + log.warn("NO ForwardURL defined in configuration. Can NOT forward to eIDAS node! Process stops"); + throw new EAAFConfigurationException("config.08", new Object[] {Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL}); + + } + log.debug("ForwardURL: " + forwardURL + " selected to forward eIDAS request"); + if (basicConfig.getBasicConfiguration( Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD, Constants.FORWARD_METHOD_GET 
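Review bot: In the forward-URL selection block, an unknown `environment` selector and a missing per-environment URL both end in the same `config.08` error naming the base key `Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL`, because `selectedForwardURLForEnvironment` returns null in both cases. The selector is read from the execution context in the earlier hunk and, per the helper's Javadoc, comes from the country-selection page, so a request-supplied value is reported as a configuration fault and the operator is pointed at a key that may be set correctly. Consider rejecting unknown selectors with a request-level error before the lookup, and passing the key that was actually looked up into the `EAAFConfigurationException`. Since the selector now decides which eIDAS node receives the request token, it is also worth confirming that the response path accepts answers only from the node chosen here; that code is outside this hunk.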
@@ -186,7 +200,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { log.debug("Use http-redirect for eIDAS node forwarding ... "); //send redirect - UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL)); + UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(forwardURL); redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64); response.sendRedirect(redirectUrl.build().encode().toString()); @@ -198,8 +212,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { Constants.TEMPLATE_POST_FORWARD_NAME, null); - config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT, - basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL)); + config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardURL); config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME, EidasParameterKeys.TOKEN.toString()); config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, 
@@ -223,7 +236,39 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } - private ImmutableAttributeMap translateToEidasAttributes(final Map<String, Boolean> requiredAttributes) { + /** + * Select a forward URL from configuration for a specific environment + * <br><br> + * <b>Info: </b> This method is needed, because eIDAS Ref. Impl only supports one countrycode on each instance. + * In consequence, more than one eIDAS Ref. Impl nodes are required to support producation, testing, or QS stages + * for one country by using one ms-specific eIDAS connector + * + * @param environment Environment selector from CountrySlection page + * @return + */ + private String selectedForwardURLForEnvironment(String environment) { + log.trace("Starting endpoint selection process for environment: " + environment + " ... "); + if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION)) + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL); + + else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS)) + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS); + + else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING)) + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING); + + else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT)) + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + + "." 
+ MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT); + + log.info("Environment selector: " + environment + " is not supported"); + return null; + + } + + private ImmutableAttributeMap translateToEidasAttributes(final Map<String, Boolean> requiredAttributes) { ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder(); for (Map.Entry<String,Boolean> attribute : requiredAttributes.entrySet()) { final String name = attribute.getKey(); |
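Review bot: `selectedForwardURLForEnvironment` concatenates `environment` into `log.trace` and `log.info` before the value has matched any known selector. If it reaches this method unfiltered from the request, embedded line breaks can forge log entries. Neutralise it before logging, for example `log.info("Environment selector: " + environment.replaceAll("[\\r\\n]", "_") + " is not supported");`, or log the raw value only after it has matched one of the four constants. The Javadoc `@return` is empty; I would write `@return forward URL configured for the environment, or null if the selector is unknown or no URL is configured`, and fix the typos "producation" and "CountrySlection". Deployments that must not expose non-production nodes currently rely on the `.qs`/`.testing`/`.development` keys simply being absent, which deserves a sentence in the Javadoc.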