aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2018-07-24 06:39:34 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2018-07-24 06:39:34 +0200
commit9b7b67ee1b3c00a3760e09c05fa9e65d4a4e80fa (patch)
tree05b83dd2396439737d30fb04f8b082a306cd5d02 /eidas_modules/authmodule-eIDAS-v2
parentb3e812dbac60546daff66fa0f6c53e42030921bb (diff)
downloadNational_eIDAS_Gateway-9b7b67ee1b3c00a3760e09c05fa9e65d4a4e80fa.tar.gz
National_eIDAS_Gateway-9b7b67ee1b3c00a3760e09c05fa9e65d4a4e80fa.tar.bz2
National_eIDAS_Gateway-9b7b67ee1b3c00a3760e09c05fa9e65d4a4e80fa.zip
update countrySelectionProcess to support more than one eIDAS Nodes for different production stages. This is required, because eIDAS Ref. Impl. 2.0 and 2.1 supports only one countryCode each instance.
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java1
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java5
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java59
3 files changed, 55 insertions, 10 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java
index b1cd128f..beb3cce7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java
@@ -11,7 +11,6 @@ import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
public class Constants {
- public static final String EXECUTIONCONTEXT_SELECTED_COUNTRY = "selectedCountry";
public static final String DATA_REQUESTERID = "req_requesterId";
public static final String DATA_PROVIDERNAME = "req_providerName";
public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java
index fef9cbfa..c41559b8 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java
@@ -6,6 +6,7 @@ import org.apache.commons.lang3.StringUtils;
import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants;
/**
* @author tlenz
@@ -33,8 +34,8 @@ public class eIDASAuthenticationModulImpl implements AuthModule {
*/
@Override
public String selectProcess(ExecutionContext context) {
- if (StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY)) ||
- StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY)))
+ if (StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)) ||
+ StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)))
return "eIDASAuthentication_v2";
else
return null;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java
index d65ce72f..e9a7a190 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eidas.specific.connector.MSConnectorEventCodes;
+import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants;
import at.gv.egiz.eidas.specific.connector.gui.StaticGuiBuilderConfiguration;
import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants;
import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
@@ -70,9 +71,10 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
//get service-provider configuration
ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
- // get target and validate citizen countryCode
- String citizenCountryCode = (String) executionContext.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY);
-
+ // get target, environment and validate citizen countryCode
+ String citizenCountryCode = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY);
+ String environment = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT);
+
if (StringUtils.isEmpty(citizenCountryCode)) {
// illegal state; task should not have been executed without a selected country
throw new eIDASAuthenticationException("eidas.03", new Object[] { "" });
@@ -179,6 +181,18 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
}
+ //select forward URL regarding the selected environment
+ String forwardURL = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL);
+ if (StringUtils.isNotEmpty(environment))
+ forwardURL = selectedForwardURLForEnvironment(environment);
+
+ if (StringUtils.isEmpty(forwardURL)) {
+ log.warn("NO ForwardURL defined in configuration. Can NOT forward to eIDAS node! Process stops");
+ throw new EAAFConfigurationException("config.08", new Object[] {Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL});
+
+ }
+ log.debug("ForwardURL: " + forwardURL + " selected to forward eIDAS request");
+
if (basicConfig.getBasicConfiguration(
Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD,
Constants.FORWARD_METHOD_GET
@@ -186,7 +200,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
log.debug("Use http-redirect for eIDAS node forwarding ... ");
//send redirect
- UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL));
+ UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(forwardURL);
redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64);
response.sendRedirect(redirectUrl.build().encode().toString());
@@ -198,8 +212,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
Constants.TEMPLATE_POST_FORWARD_NAME,
null);
- config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT,
- basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL));
+ config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardURL);
config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME,
EidasParameterKeys.TOKEN.toString());
config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE,
@@ -223,7 +236,39 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
}
- private ImmutableAttributeMap translateToEidasAttributes(final Map<String, Boolean> requiredAttributes) {
+ /**
+ * Select a forward URL from configuration for a specific environment
+ * <br><br>
+ * <b>Info: </b> This method is needed, because eIDAS Ref. Impl only supports one countrycode on each instance.
+ * In consequence, more than one eIDAS Ref. Impl nodes are required to support producation, testing, or QS stages
+ * for one country by using one ms-specific eIDAS connector
+ *
+ * @param environment Environment selector from CountrySlection page
+ * @return
+ */
+ private String selectedForwardURLForEnvironment(String environment) {
+ log.trace("Starting endpoint selection process for environment: " + environment + " ... ");
+ if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION))
+ return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL);
+
+ else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS))
+ return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL
+ + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS);
+
+ else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING))
+ return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL
+ + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING);
+
+ else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT))
+ return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL
+ + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT);
+
+ log.info("Environment selector: " + environment + " is not supported");
+ return null;
+
+ }
+
+ private ImmutableAttributeMap translateToEidasAttributes(final Map<String, Boolean> requiredAttributes) {
ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder();
for (Map.Entry<String,Boolean> attribute : requiredAttributes.entrySet()) {
final String name = attribute.getKey();