aboutsummaryrefslogtreecommitdiff
path: root/connector/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'connector/src/main/java')
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java54
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java82
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java105
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java68
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java64
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java40
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/config/MsConnectorMessageSource.java21
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java158
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java269
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java59
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java80
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/health/Saml2MetadataHealthIndicator.java44
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java68
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java83
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java84
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java97
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataConfigurationFactory.java51
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java183
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java382
19 files changed, 0 insertions, 1992 deletions
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java
deleted file mode 100644
index 45e5c7d4..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-package at.asitplus.eidas.specific.connector;
-
-import org.springframework.core.io.ClassPathResource;
-import org.springframework.core.io.Resource;
-
-import at.gv.egiz.components.spring.api.SpringResourceProvider;
-
-public class MsSpecificEidasNodeSpringResourceProvider implements SpringResourceProvider {
-
- @Override
- public Resource[] getResourcesToLoad() {
- final ClassPathResource generic =
- new ClassPathResource("/applicationContext.xml", MsSpecificEidasNodeSpringResourceProvider.class);
- final ClassPathResource msEidasNode = new ClassPathResource(
- "/specific_eIDAS_connector.beans.xml", MsSpecificEidasNodeSpringResourceProvider.class);
-
- return new Resource[] { generic, msEidasNode};
-
- }
-
- @Override
- public String[] getPackagesToScan() {
- return null;
- }
-
- @Override
- public String getName() {
- return "MS-specific eIDAS-Connector SpringResourceProvider";
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java
deleted file mode 100644
index 399d1286..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java
+++ /dev/null
@@ -1,82 +0,0 @@
-package at.asitplus.eidas.specific.connector;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.util.Properties;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.core.env.MutablePropertySources;
-import org.springframework.core.env.PropertiesPropertySource;
-
-import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer;
-import lombok.extern.slf4j.Slf4j;
-
-@Slf4j
-public class MsSpecificSpringBootApplicationContextInitializer extends
- SpringBootApplicationContextInitializer {
-
- private static final String SYSTEMD_PROP_NAME = "eidas.ms.configuration";
- private static final String PATH_FILE_PREFIX = "file:";
-
- @Override
- public void initialize(ConfigurableApplicationContext applicationContext) {
- String configPath = System.getProperty(SYSTEMD_PROP_NAME);
- if (StringUtils.isNotEmpty(configPath)) {
- log.debug("Find configuration-source from SystemD Property: '{}' ...", SYSTEMD_PROP_NAME);
- if (configPath.startsWith(PATH_FILE_PREFIX)) {
- configPath = configPath.substring(PATH_FILE_PREFIX.length());
-
- }
- injectConfiguration(configPath, applicationContext);
-
- } else {
- log.info("Find NO SystemD Property: '{}' Maybe no configuration available", SYSTEMD_PROP_NAME);
-
- }
-
- super.initialize(applicationContext);
-
- }
-
- private void injectConfiguration(String configPath, ConfigurableApplicationContext applicationContext) {
- InputStream is = null;
- try {
- Path path = Paths.get(configPath);
- if (Files.exists(path)) {
- File file = new File(configPath);
- Properties props = new Properties();
- is = new FileInputStream(file);
- props.load(is);
- MutablePropertySources sources = applicationContext.getEnvironment().getPropertySources();
- sources.addFirst(new PropertiesPropertySource(SYSTEMD_PROP_NAME, props));
- log.info("Set configuration-source from SystemD-Property: {}", SYSTEMD_PROP_NAME);
-
- } else {
- log.error("Configuration from SystemD Property: '{}' at Location: {} DOES NOT exist",
- SYSTEMD_PROP_NAME, configPath);
-
- }
-
- } catch (IOException e) {
- log.error("Configuration from SystemD Property: '{}' at Location: {} CAN NOT be loaded",
- SYSTEMD_PROP_NAME, configPath, e);
-
- } finally {
- try {
- if (is != null) {
- is.close();
-
- }
- } catch (IOException e) {
- log.error("Can not close InputStream of configLoader: {}", configPath, e);
-
- }
- }
- }
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java
deleted file mode 100644
index 6616db23..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java
+++ /dev/null
@@ -1,105 +0,0 @@
-package at.asitplus.eidas.specific.connector;
-
-import org.opensaml.core.config.InitializationException;
-import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.builder.SpringApplicationBuilder;
-import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.web.context.WebApplicationContext;
-
-import at.gv.egiz.eaaf.core.api.IStatusMessenger;
-import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;
-import at.gv.egiz.eaaf.core.impl.logging.SimpleStatusMessager;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import lombok.extern.slf4j.Slf4j;
-import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
-
-@Slf4j
-@SpringBootApplication(scanBasePackages = {
- "at.asitplus.eidas.specific.connector",
- "at.gv.egiz.eaaf.utils.springboot.ajp"
- })
-public class SpringBootApplicationInitializer extends SpringBootServletInitializer {
-
- private static ConfigurableApplicationContext ctx;
-
- /**
- * Starts MS-specific eIDAS-Implementation SpringBoot application.
- *
- * @param args Starting parameters
- * @throws Throwable In case of a start-up error
- */
- public static void main(final String[] args) throws Throwable {
- try {
- log.info("=============== Initializing Spring-Boot context! ===============");
- LogMessageProviderFactory.setStatusMessager(new SimpleStatusMessager());
- final SpringApplication springApp =
- new SpringApplication(SpringBootApplicationInitializer.class);
- springApp.addInitializers(new MsSpecificSpringBootApplicationContextInitializer());
-
- log.info("Bootstrap openSAML .... ");
- EaafOpenSaml3xInitializer.eaafInitialize();
-
- log.debug("Run SpringBoot initialization process ... ");
- ctx = springApp.run(args);
-
- // initialize status messenger
- LogMessageProviderFactory.setStatusMessager(ctx.getBean(IStatusMessenger.class));
-
- log.info("Initialization of MS-specific eIDAS-Connector finished.");
-
- } catch (final Throwable e) {
- log.error("MS-specific eIDAS-Connector initialization FAILED!", e);
- throw e;
-
- }
-
- }
-
-
- protected SpringApplicationBuilder createSpringApplicationBuilder() {
- try {
- log.info("Bootstrap openSAML .... ");
- EaafOpenSaml3xInitializer.eaafInitialize();
-
- } catch (InitializationException | ComponentInitializationException e) {
- throw new RuntimeException(e);
-
- }
-
- SpringApplicationBuilder builder = new SpringApplicationBuilder();
- builder.initializers(new MsSpecificSpringBootApplicationContextInitializer());
- return builder;
-
- }
-
- protected WebApplicationContext run(SpringApplication application) {
- WebApplicationContext internalContext = (WebApplicationContext) application.run();
-
- // initialize status messenger
- LogMessageProviderFactory.setStatusMessager(internalContext.getBean(IStatusMessenger.class));
-
- log.info("Initialization of MS-specific eIDAS-Connector finished.");
-
- return internalContext;
- }
-
- /**
- * Stops SpringBoot application of MS-specific eIDAS-Implementation.
- *
- */
- public static void exit() {
- if (ctx != null) {
- log.info("Stopping SpringBoot application ... ");
- SpringApplication.exit(ctx, () -> 0);
- ctx = null;
-
- } else {
- log.info("No SpringBoot context. Nothing todo");
-
- }
-
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java
deleted file mode 100644
index 17eb0704..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
- * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
- * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
- * compliance with the Licence. You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the Licence
- * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the Licence for the specific language governing permissions and limitations under
- * the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text file for details on the
- * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
- * works that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-package at.asitplus.eidas.specific.connector.attributes;
-
-import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME;
-import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME;
-
-import java.nio.charset.StandardCharsets;
-import java.util.Base64;
-
-import org.apache.commons.lang3.StringUtils;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata;
-
-
-@PvpMetadata
-public class AuthBlockAttributeBuilder implements IPvpAttributeBuilder {
-
- @Override
- public String getName() {
- return EID_AUTHBLOCK_SIGNED_NAME;
- }
-
- @Override
- public <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData,
- final IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-
- String authBlock = authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class);
- if (StringUtils.isNotEmpty(authBlock)) {
- return g.buildStringAttribute(EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, EID_AUTHBLOCK_SIGNED_NAME,
- Base64.getEncoder().encodeToString(authBlock.getBytes(StandardCharsets.UTF_8)));
-
- } else {
- throw new UnavailableAttributeException(EID_AUTHBLOCK_SIGNED_NAME);
- }
-
- }
-
- @Override
- public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) {
- return g.buildEmptyAttribute(EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, EID_AUTHBLOCK_SIGNED_NAME);
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java
deleted file mode 100644
index 18eb74f8..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
- * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
- * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
- * compliance with the Licence. You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the Licence
- * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the Licence for the specific language governing permissions and limitations under
- * the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text file for details on the
- * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
- * works that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-package at.asitplus.eidas.specific.connector.attributes;
-
-import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME;
-import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME;
-
-import org.apache.commons.lang3.StringUtils;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata;
-
-@PvpMetadata
-public class EidasBindAttributeBuilder implements IPvpAttributeBuilder {
-
-
- @Override
- public String getName() {
- return EID_EIDBIND_NAME;
- }
-
- @Override
- public <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData,
- final IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-
- String eidasBind = authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class);
- if (StringUtils.isNotEmpty(eidasBind)) {
- return g.buildStringAttribute(EID_EIDBIND_FRIENDLY_NAME, EID_EIDBIND_NAME, eidasBind);
-
- } else {
- throw new UnavailableAttributeException(EID_EIDBIND_NAME);
- }
-
- }
-
- @Override
- public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) {
- return g.buildEmptyAttribute(EID_EIDBIND_FRIENDLY_NAME, EID_EIDBIND_NAME);
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java
deleted file mode 100644
index d4e97433..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.connector.builder;
-
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
-
-public class PvpSubjectNameGenerator implements ISubjectNameIdGenerator {
-
- @Override
- public Pair<String, String> generateSubjectNameId(IAuthData authData, ISpConfiguration spConfig)
- throws Pvp2Exception {
- return Pair.newInstance(authData.getBpk(), authData.getBpkType());
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/MsConnectorMessageSource.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/MsConnectorMessageSource.java
deleted file mode 100644
index 59df6375..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/MsConnectorMessageSource.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package at.asitplus.eidas.specific.connector.config;
-
-import java.util.Arrays;
-import java.util.List;
-
-import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
-
-/**
- * Inject eIDAS Connector specific messages into Spring based message-source.
- *
- * @author tlenz
- *
- */
-public class MsConnectorMessageSource implements IMessageSourceLocation {
-
- @Override
- public List<String> getMessageSourceLocation() {
- return Arrays.asList("classpath:/properties/messages");
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java
deleted file mode 100644
index 81c37bd0..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java
+++ /dev/null
@@ -1,158 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.connector.config;
-
-import java.util.Arrays;
-import java.util.List;
-
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.saml.saml2.metadata.ContactPerson;
-import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration;
-import org.opensaml.saml.saml2.metadata.EmailAddress;
-import org.opensaml.saml.saml2.metadata.GivenName;
-import org.opensaml.saml.saml2.metadata.Organization;
-import org.opensaml.saml.saml2.metadata.OrganizationDisplayName;
-import org.opensaml.saml.saml2.metadata.OrganizationName;
-import org.opensaml.saml.saml2.metadata.OrganizationURL;
-import org.opensaml.saml.saml2.metadata.SurName;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-
-@Service("PVPEndPointConfiguration")
-public class PvpEndPointConfiguration implements IPvp2BasicConfiguration {
- private static final Logger log = LoggerFactory.getLogger(PvpEndPointConfiguration.class);
-
- private static final String DEFAULT_XML_LANG = "en";
-
- @Autowired(required = true)
- IConfiguration basicConfiguration;
-
- @Override
- public String getIdpEntityId(String authUrl) throws EaafException {
- return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_METADATA;
-
- }
-
- @Override
- public String getIdpSsoPostService(String authUrl) throws EaafException {
- return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_POST;
-
- }
-
- @Override
- public String getIdpSsoRedirectService(String authUrl) throws EaafException {
- return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_REDIRECT;
-
- }
-
- @Override
- public String getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException {
- log.warn("PVP S-Profile End-Point does NOT support SOAP Binding");
- return null;
-
- }
-
- @Override
- public List<ContactPerson> getIdpContacts() throws EaafException {
- final ContactPerson contactPerson = Saml2Utils.createSamlObject(ContactPerson.class);
- final GivenName givenName = Saml2Utils.createSamlObject(GivenName.class);
- final SurName surname = Saml2Utils.createSamlObject(SurName.class);
- final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class);
-
- givenName.setValue(getAndVerifyFromConfiguration(
- MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME));
- surname.setValue(getAndVerifyFromConfiguration(
- MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME));
- emailAddress.setURI(getAndVerifyFromConfiguration(
- MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL));
-
- contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL);
- contactPerson.setGivenName(givenName);
- contactPerson.setSurName(surname);
- contactPerson.getEmailAddresses().add(emailAddress);
-
- return Arrays.asList(contactPerson);
-
- }
-
- @Override
- public Organization getIdpOrganisation() throws EaafException {
- final Organization organisation = Saml2Utils.createSamlObject(Organization.class);
- final OrganizationName orgName = Saml2Utils.createSamlObject(OrganizationName.class);
- final OrganizationDisplayName orgDisplayName = Saml2Utils.createSamlObject(OrganizationDisplayName.class);
- final OrganizationURL orgUrl = Saml2Utils.createSamlObject(OrganizationURL.class);
-
- orgName.setXMLLang(DEFAULT_XML_LANG);
- orgName.setValue(getAndVerifyFromConfiguration(
- MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_NAME));
-
- orgDisplayName.setXMLLang(DEFAULT_XML_LANG);
- orgDisplayName.setValue(getAndVerifyFromConfiguration(
- MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME));
-
- orgUrl.setXMLLang(DEFAULT_XML_LANG);
- orgUrl.setURI(getAndVerifyFromConfiguration(
- MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL));
-
-
- organisation.getOrganizationNames().add(orgName);
- organisation.getDisplayNames().add(orgDisplayName);
- organisation.getURLs().add(orgUrl);
-
- return organisation;
- }
-
- @Override
- public IConfiguration getBasicConfiguration() {
- return basicConfiguration;
- }
-
- private String removePostFix(String url) {
- if (url != null && url.endsWith("/")) {
- return url.substring(0, url.length() - 1);
- } else {
- return url;
- }
- }
-
- private String getAndVerifyFromConfiguration(String configKey) throws EaafConfigurationException {
- final String value = basicConfiguration.getBasicConfiguration(configKey);
- if (StringUtils.isEmpty(value)) {
- throw new EaafConfigurationException("config.08",
- new Object[] {configKey});
-
- }
-
- return value;
- }
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java
deleted file mode 100644
index e83fd4cf..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java
+++ /dev/null
@@ -1,269 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.connector.config;
-
-import java.util.Arrays;
-import java.util.List;
-
-import org.opensaml.saml.saml2.core.Attribute;
-import org.opensaml.saml.saml2.core.NameIDType;
-import org.opensaml.saml.saml2.metadata.ContactPerson;
-import org.opensaml.saml.saml2.metadata.Organization;
-import org.opensaml.saml.saml2.metadata.RequestedAttribute;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
-
-public class PvpMetadataConfiguration implements IPvpMetadataBuilderConfiguration {
- private static final Logger log = LoggerFactory.getLogger(PvpMetadataConfiguration.class);
-
- private final IConfiguration basicConfig;
- private final String authUrl;
- private final IPvp2CredentialProvider pvpIdpCredentials;
- private final IPvp2BasicConfiguration pvpBasicConfig;
-
- /**
- * Configuration object to create PVP2 S-Profile metadata.
- *
- * @param basicConfig Application configuration
- * @param authUrl Public-URL Prefix of the application
- * @param pvpBasicConfig PVP2 configuration object
- * @param pvpIdpCredentials2 PVP2 credentials
- */
- public PvpMetadataConfiguration(IConfiguration basicConfig, String authUrl,
- IPvp2BasicConfiguration pvpBasicConfig, IPvp2CredentialProvider pvpIdpCredentials2) {
- this.authUrl = authUrl;
- this.pvpIdpCredentials = pvpIdpCredentials2;
- this.basicConfig = basicConfig;
- this.pvpBasicConfig = pvpBasicConfig;
-
- }
-
- @Override
- public String getSpNameForLogging() {
- return "PVP2 S-Profile IDP";
- }
-
- @Override
- public int getMetadataValidUntil() {
- return Integer.parseInt(basicConfig.getBasicConfiguration(
- MsEidasNodeConstants.PROP_CONFIG_PVP2_METADATA_VALIDITY,
- String.valueOf(MsEidasNodeConstants.DEFAULT_PVP_METADATA_VALIDITY)));
-
- }
-
- @Override
- public boolean buildEntitiesDescriptorAsRootElement() {
- return false;
-
- }
-
- @Override
- public boolean buildIdpSsoDescriptor() {
- return true;
-
- }
-
- @Override
- public boolean buildSpSsoDescriptor() {
- return false;
-
- }
-
- @Override
- public String getEntityID() {
- try {
- return pvpBasicConfig.getIdpEntityId(authUrl);
-
- } catch (final EaafException e) {
- log.error("Can NOT build PVP metadata configuration.", e);
- throw new RuntimeException("Can NOT build PVP metadata configuration.");
-
- }
-
- }
-
- @Override
- public String getEntityFriendlyName() {
- return null;
-
- }
-
- @Override
- public List<ContactPerson> getContactPersonInformation() {
- try {
- return pvpBasicConfig.getIdpContacts();
-
- } catch (final EaafException e) {
- log.error("Can NOT build PVP metadata configuration.", e);
- throw new RuntimeException("Can NOT build PVP metadata configuration.");
-
- }
-
- }
-
- @Override
- public Organization getOrgansiationInformation() {
- try {
- return pvpBasicConfig.getIdpOrganisation();
-
- } catch (final EaafException e) {
- log.error("Can NOT build PVP metadata configuration.", e);
- throw new RuntimeException("Can NOT build PVP metadata configuration.");
-
- }
- }
-
- @Override
- public EaafX509Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException {
- return pvpIdpCredentials.getMetaDataSigningCredential();
-
- }
-
- @Override
- public EaafX509Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException {
- return pvpIdpCredentials.getMessageSigningCredential();
-
- }
-
- @Override
- public EaafX509Credential getEncryptionCredentials() throws CredentialsNotAvailableException {
- return null;
-
- }
-
- @Override
- public String getIdpWebSsoPostBindingUrl() {
- try {
- return pvpBasicConfig.getIdpSsoPostService(authUrl);
-
- } catch (final EaafException e) {
- log.error("Can NOT build PVP metadata configuration.", e);
- throw new RuntimeException("Can NOT build PVP metadata configuration.");
-
- }
-
- }
-
- @Override
- public String getIdpWebSsoRedirectBindingUrl() {
- try {
- return pvpBasicConfig.getIdpSsoRedirectService(authUrl);
-
- } catch (final EaafException e) {
- log.error("Can NOT build PVP metadata configuration.", e);
- throw new RuntimeException("Can NOT build PVP metadata configuration.");
-
- }
- }
-
- @Override
- public String getIdpSloPostBindingUrl() {
- return null;
-
- }
-
- @Override
- public String getIdpSloRedirectBindingUrl() {
- return null;
-
- }
-
- @Override
- public String getSpAssertionConsumerServicePostBindingUrl() {
- return null;
-
- }
-
- @Override
- public String getSpAssertionConsumerServiceRedirectBindingUrl() {
- return null;
-
- }
-
- @Override
- public String getSpSloPostBindingUrl() {
- return null;
-
- }
-
- @Override
- public String getSpSloRedirectBindingUrl() {
- return null;
-
- }
-
- @Override
- public String getSpSloSoapBindingUrl() {
- return null;
-
- }
-
- @Override
- public List<Attribute> getIdpPossibleAttributes() {
- return PvpAttributeBuilder.buildSupportedEmptyAttributes();
-
- }
-
- @Override
- public List<String> getIdpPossibleNameIdTypes() {
- return Arrays.asList(NameIDType.PERSISTENT,
- NameIDType.TRANSIENT,
- NameIDType.UNSPECIFIED);
- }
-
- @Override
- public List<RequestedAttribute> getSpRequiredAttributes() {
- return null;
-
- }
-
- @Override
- public List<String> getSpAllowedNameIdTypes() {
- return null;
-
- }
-
- @Override
- public boolean wantAssertionSigned() {
- return false;
-
- }
-
- @Override
- public boolean wantAuthnRequestSigned() {
- return true;
-
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java
deleted file mode 100644
index f360185b..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-package at.asitplus.eidas.specific.connector.controller;
-
-import java.io.IOException;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
-
-/**
- * Default process-engine signaling controller.
- *
- * @author tlenz
- *
- */
-@Controller
-public class ProcessEngineSignalController extends AbstractProcessEngineSignalController {
-
- @RequestMapping(value = {
- MsEidasNodeConstants.ENDPOINT_COUNTRYSELECTION,
- MsEidasNodeConstants.ENDPOINT_OTHER_LOGIN_METHOD_SELECTION,
- MsEidasNodeConstants.ENDPOINT_RESIDENCY_INPUT
- },
- method = { RequestMethod.POST, RequestMethod.GET })
- public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp)
- throws IOException, EaafException {
- signalProcessManagement(req, resp);
-
- }
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java
deleted file mode 100644
index 923864cc..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.connector.controller;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.idp.impl.AbstractPvp2XProtocol;
-import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PvpSProfilePendingRequest;
-
-@Controller
-public class Pvp2SProfileEndpoint extends AbstractPvp2XProtocol {
-
- public static final String NAME = Pvp2SProfileEndpoint.class.getName();
- public static final String PROTOCOL_ID = "pvp2-s";
-
- @RequestMapping(value = MsEidasNodeConstants.ENDPOINT_PVP_METADATA, method = { RequestMethod.POST,
- RequestMethod.GET })
- public void pvpMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EaafException {
- super.pvpMetadataRequest(req, resp);
-
- }
-
- @RequestMapping(value = MsEidasNodeConstants.ENDPOINT_PVP_POST, method = { RequestMethod.POST })
- public void pvpIdpPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EaafException {
- super.pvpIdpPostRequest(req, resp);
-
- }
-
- @RequestMapping(value = MsEidasNodeConstants.ENDPOINT_PVP_REDIRECT, method = { RequestMethod.GET })
- public void pvpIdpRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EaafException {
- super.pvpIdpRedirecttRequest(req, resp);
-
- }
-
- @Override
- public String getAuthProtocolIdentifier() {
- return PROTOCOL_ID;
- }
-
- @Override
- public String getName() {
- return NAME;
- }
-
- @Override
- protected boolean childPreProcess(HttpServletRequest arg0, HttpServletResponse arg1,
- PvpSProfilePendingRequest arg2)
- throws Throwable {
- return false;
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/health/Saml2MetadataHealthIndicator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/health/Saml2MetadataHealthIndicator.java
deleted file mode 100644
index 592231b0..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/health/Saml2MetadataHealthIndicator.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package at.asitplus.eidas.specific.connector.health;
-
-import javax.xml.transform.TransformerFactoryConfigurationError;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.actuate.health.Health;
-import org.springframework.boot.actuate.health.HealthIndicator;
-
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataConfigurationFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
-import lombok.Setter;
-import lombok.extern.slf4j.Slf4j;
-
-@Slf4j
-public class Saml2MetadataHealthIndicator implements HealthIndicator {
-
- @Autowired
- private PvpMetadataBuilder metadatabuilder;
- @Autowired
- private IPvpMetadataConfigurationFactory configFactory;
-
- @Setter
- private AbstractCredentialProvider pvpIdpCredentials;
-
- @Override
- public Health health() {
- try {
- // build metadata
- final IPvpMetadataBuilderConfiguration metadataConfig =
- configFactory.generateMetadataBuilderConfiguration(
- "http://localhost/monitoring",
- pvpIdpCredentials);
- metadatabuilder.buildPvpMetadata(metadataConfig);
- return Health.up().build();
-
- } catch (Exception | TransformerFactoryConfigurationError e) {
- return Health.down().down(e).build();
-
- }
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java
deleted file mode 100644
index 2ec86f53..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.connector.processes;
-
-import org.apache.commons.lang3.StringUtils;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
-import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-
-/**
- * Auth-Process selector for User's country selection.
- *
- * @author tlenz
- *
- */
-public class CountrySelectionProcessImpl implements AuthModule {
-
- @Override
- public int getPriority() {
- return 0;
-
- }
-
- @Override
- public String selectProcess(ExecutionContext context, IRequest pendingReq) {
- final Object selectedCountryObj = context.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY);
- if (selectedCountryObj != null && selectedCountryObj instanceof String) {
- final String selectedCountry = (String) selectedCountryObj;
- if (StringUtils.isNotEmpty(selectedCountry)) {
- return null;
- }
-
- }
-
- return "CountrySelectionProcess";
-
- }
-
- @Override
- public String[] getProcessDefinitions() {
- return new String[] { "classpath:processes/CountrySelection.process.xml" };
-
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java
deleted file mode 100644
index b2c5c51d..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.connector.processes.tasks;
-
-import java.util.Enumeration;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Component;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask;
-
-/**
- * Evaluate the User's country selection.
- *
- * @author tlenz
- *
- */
-@Component("EvaluateCountrySelectionTask")
-public class EvaluateCountrySelectionTask extends AbstractLocaleAuthServletTask {
- private static final Logger log = LoggerFactory.getLogger(EvaluateCountrySelectionTask.class);
-
- @Override
- public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request,
- HttpServletResponse response)
- throws TaskExecutionException {
- try {
-
- // set parameter execution context
- final Enumeration<String> reqParamNames = request.getParameterNames();
- while (reqParamNames.hasMoreElements()) {
- final String paramName = reqParamNames.nextElement();
- if (StringUtils.isNotEmpty(paramName)
- && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)) {
- for (final String el : MsEidasNodeConstants.COUNTRY_SELECTION_PARAM_WHITELIST) {
- if (el.equalsIgnoreCase(paramName)) {
- executionContext.put(paramName,
- StringEscapeUtils.escapeHtml(request.getParameter(paramName)));
- }
- }
- }
- }
-
- log.info("Country selection finished. Starting auth. process for country ... ");
-
- } catch (final Exception e) {
- log.warn("EvaluateBKUSelectionTask has an internal error", e);
- throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-
- }
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java
deleted file mode 100644
index 57a4c19a..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.connector.processes.tasks;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import at.asitplus.eidas.specific.core.MsConnectorEventCodes;
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask;
-
-/**
- * Create country-selection page.
- *
- * @author tlenz
- *
- */
-@Component("GenerateCountrySelectionFrameTask")
-public class GenerateCountrySelectionFrameTask extends AbstractLocaleAuthServletTask {
-
- @Autowired
- ISpringMvcGuiFormBuilder guiBuilder;
- @Autowired
- IConfiguration basicConfig;
-
-
- @Override
- public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request,
- HttpServletResponse response) throws TaskExecutionException {
- try {
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.STARTING_COUNTRY_SELECTION);
-
- final IGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration(
- basicConfig,
- pendingReq,
- basicConfig.getBasicConfiguration(
- MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_CCSELECTION,
- MsEidasNodeConstants.TEMPLATE_HTML_COUNTRYSELECTION),
- MsEidasNodeConstants.ENDPOINT_COUNTRYSELECTION,
- resourceLoader);
-
- guiBuilder.build(request, response, config, "BKU-Selection form");
-
- } catch (final Exception e) {
- throw new TaskExecutionException(pendingReq,
- "Can not build GUI. Msg:" + e.getMessage(),
- new EaafException("gui.00", new Object[] { e.getMessage() }, e));
-
- }
-
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java
deleted file mode 100644
index 98e88eff..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.connector.provider;
-
-import org.springframework.beans.factory.annotation.Autowired;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
-
-public class PvpEndPointCredentialProvider extends AbstractCredentialProvider {
-
- @Autowired(required = true)
- IConfiguration basicConfiguration;
-
- @Override
- public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException {
- final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
- keyStoreConfig.setFriendlyName("PVP2 S-Profile EndPoint");
- keyStoreConfig.setKeyStoreType(
- basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.CONFIG_PROPS_KEYSTORE_TYPE,
- KeyStoreType.PKCS12.getKeyStoreType()));
- keyStoreConfig.setKeyStoreName(
- basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.CONFIG_PROPS_KEYSTORE_NAME));
- keyStoreConfig.setSoftKeyStoreFilePath(basicConfiguration.getBasicConfiguration(
- MsEidasNodeConstants.PROP_CONFIG_PVP2_KEYSTORE_PATH));
- keyStoreConfig.setSoftKeyStorePassword(
- basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_PVP2_KEYSTORE_PASSWORD));
-
- keyStoreConfig.validate();
-
- return keyStoreConfig;
- }
-
-
- @Override
- public String getMetadataKeyAlias() {
- return basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_METADATA_ALIAS);
- }
-
- @Override
- public String getMetadataKeyPassword() {
- return basicConfiguration.getBasicConfiguration(
- MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_METADATA_PASSWORD);
-
- }
-
- @Override
- public String getSignatureKeyAlias() {
- return basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_SIGNING_ALIAS);
-
- }
-
- @Override
- public String getSignatureKeyPassword() {
- return basicConfiguration.getBasicConfiguration(
- MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_SIGNING_PASSWORD);
-
- }
-
- @Override
- public String getEncryptionKeyAlias() {
- return null;
-
- }
-
- @Override
- public String getEncryptionKeyPassword() {
- return null;
-
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataConfigurationFactory.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataConfigurationFactory.java
deleted file mode 100644
index e8bc4eb8..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataConfigurationFactory.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.connector.provider;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.asitplus.eidas.specific.connector.config.PvpMetadataConfiguration;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataConfigurationFactory;
-import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
-
-@Service("PVPMetadataConfigurationFactory")
-public class PvpMetadataConfigurationFactory implements IPvpMetadataConfigurationFactory {
-
- @Autowired
- private IConfiguration basicConfig;
- @Autowired
- private IPvp2BasicConfiguration pvpBasicConfig;
-
- @Override
- public IPvpMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authUrl,
- IPvp2CredentialProvider pvpIdpCredentials) {
- return new PvpMetadataConfiguration(basicConfig, authUrl, pvpBasicConfig, pvpIdpCredentials);
-
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java
deleted file mode 100644
index 6161c271..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java
+++ /dev/null
@@ -1,183 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.connector.provider;
-
-import java.io.IOException;
-import java.security.KeyStore;
-import java.security.Provider;
-import java.security.cert.CertificateException;
-import java.text.MessageFormat;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.saml.metadata.resolver.MetadataResolver;
-import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
-import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
-import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
-
-@Service("PVPMetadataProvider")
-public class PvpMetadataProvider extends AbstractChainingMetadataProvider {
- private static final Logger log = LoggerFactory.getLogger(PvpMetadataProvider.class);
-
- private static final String PROVIDER_ID_PATTERN = "eIDAS resolver: {0}";
-
- @Autowired(required = true)
- IConfigurationWithSP basicConfig;
- @Autowired
- private PvpMetadataResolverFactory metadataProviderFactory;
- @Autowired
- private IHttpClientFactory httpClientFactory;
-
- @Autowired
- private EaafKeyStoreFactory keyStoreFactory;
-
-
- @Override
- protected String getMetadataUrl(String entityId) throws EaafConfigurationException {
- final ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId);
- if (spConfig != null) {
- String metadataUrl = entityId;
-
- final String metadataUrlFromConfig = spConfig.getConfigurationValue(
- MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL);
- if (StringUtils.isNotEmpty(metadataUrlFromConfig)) {
- log.debug("Use metdataURL from configuration for EntityId: " + entityId);
- metadataUrl = metadataUrlFromConfig;
-
- }
-
- return metadataUrl;
-
- } else {
- log.info("No ServiceProvider with entityId: " + entityId + " in configuration.");
- }
-
- return null;
- }
-
- @Override
- protected MetadataResolver createNewMetadataProvider(String entityId)
- throws EaafConfigurationException, IOException, CertificateException {
- final ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId);
- if (spConfig != null) {
- try {
- String metadataUrl = spConfig.getConfigurationValue(
- MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL);
- if (StringUtils.isEmpty(metadataUrl)) {
- log.debug("Use EntityId: " + entityId + " instead of explicite metadataURL ... ");
- metadataUrl = entityId;
-
- }
-
- KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
- keyStoreConfig.setFriendlyName(MessageFormat.format(PROVIDER_ID_PATTERN, entityId));
- keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
- keyStoreConfig.setSoftKeyStoreFilePath(
- spConfig.getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE));
- keyStoreConfig.setSoftKeyStorePassword(spConfig.getConfigurationValue(
- MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE_PASSWORD));
-
- keyStoreConfig.validate();
-
- Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
-
- final List<MetadataFilter> filterList = new ArrayList<>();
- filterList.add(new SchemaValidationFilter(true));
- filterList.add(new SimpleMetadataSignatureVerificationFilter(
- keyStore.getFirst(), entityId));
- filterList.add(new PvpEntityCategoryFilter(
- basicConfig.getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES,
- true)));
-
- final MetadataFilterChain filter = new MetadataFilterChain();
- filter.setFilters(filterList);
-
- try {
- return metadataProviderFactory.createMetadataProvider(getMetadataUrl(entityId),
- filter,
- MessageFormat.format(PROVIDER_ID_PATTERN, entityId),
- httpClientFactory.getHttpClient());
-
- } catch (final Pvp2MetadataException e) {
- log.info("Can NOT build metadata provider for entityId: {}", entityId);
- throw new EaafConfigurationException("module.eidasauth.04",
- new Object[] { entityId, e.getMessage() }, e);
-
- }
-
- } catch (final EaafException e) {
- log.info("Can NOT initialize Metadata signature-verification filter. Reason: " + e.getMessage());
- throw new EaafConfigurationException("config.27",
- new Object[] { "Can NOT initialize Metadata signature-verification filter. Reason: " + e
- .getMessage() }, e);
-
- }
-
- } else {
- log.info("No ServiceProvider with entityId: " + entityId + " in configuration.");
- }
-
- return null;
- }
-
- @Override
- protected List<String> getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException {
- return Collections.emptyList();
- }
-
- @Override
- protected String getMetadataProviderId() {
- return "Service-provider chainging metadata provider";
-
- }
-
- @Override
- public void doDestroy() {
- this.fullyDestroy();
-
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
deleted file mode 100644
index 23702264..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
+++ /dev/null
@@ -1,382 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.connector.verification;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.core.xml.XMLObject;
-import org.opensaml.saml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml.saml2.core.AuthnRequest;
-import org.opensaml.saml.saml2.core.NameIDPolicy;
-import org.opensaml.saml.saml2.core.NameIDType;
-import org.opensaml.saml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml.saml2.core.Scoping;
-import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
-import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
-import at.gv.egiz.eaaf.modules.pvp2.exception.NameIdFormatNotSupportedException;
-import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
-
-public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
-
- private static final Logger log = LoggerFactory.getLogger(AuthnRequestValidator.class);
-
- @Autowired(required = true)
- private IConfiguration basicConfig;
-
- @Override
- public void process(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq,
- SPSSODescriptor spSsoDescriptor) throws AuthnRequestValidatorException {
- try {
- // validate NameIDPolicy
- final NameIDPolicy nameIdPolicy = authnReq.getNameIDPolicy();
- if (nameIdPolicy != null) {
- final String nameIdFormat = nameIdPolicy.getFormat();
- if (nameIdFormat != null) {
- if (!(NameIDType.TRANSIENT.equals(nameIdFormat)
- || NameIDType.PERSISTENT.equals(nameIdFormat))) {
-
- throw new NameIdFormatNotSupportedException(nameIdFormat);
-
- }
-
- } else {
- log.trace("Find NameIDPolicy, but NameIDFormat is 'null'");
- }
- } else {
- log.trace("AuthnRequest includes no 'NameIDPolicy'");
- }
-
- // post-process RequesterId
- final String spEntityId = extractScopeRequsterId(authnReq);
- if (StringUtils.isEmpty(spEntityId)) {
- log.info("NO service-provider entityID in Authn. request. Stop authn. process ... ");
- throw new AuthnRequestValidatorException("pvp2.22",
- new Object[] { "NO relaying-party entityID in Authn. request" }, pendingReq);
-
- } else {
- pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, spEntityId);
- }
-
- // post-process ProviderName
- final String providerName = authnReq.getProviderName();
- if (StringUtils.isEmpty(providerName)) {
- log.info("Authn. request contains NO SP friendlyName");
- } else {
- pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_PROVIDERNAME, providerName);
- }
-
- // post-process requested LoA
- postprocessLoaLevel(pendingReq, authnReq);
-
- // post-process requested LoA comparison-level
- pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode(
- extractComparisonLevel(authnReq));
-
- // extract information from requested attributes
- extractFromRequestedAttriutes(pendingReq, authnReq);
-
- } catch (final EaafStorageException e) {
- log.info("Can NOT store Authn. Req. data into pendingRequest.", e);
- throw new AuthnRequestValidatorException("internal.02", null, e);
-
- }
-
- }
-
- private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq)
- throws AuthnRequestValidatorException, EaafStorageException {
- // validate and process requested attributes
- boolean sectorDetected = false;
-
- final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration(
- ServiceProviderConfiguration.class);
-
- if (authnReq.getExtensions() != null) {
- final List<XMLObject> requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects();
- for (final XMLObject reqAttrObj : requestedAttributes) {
- if (reqAttrObj instanceof EaafRequestedAttributes) {
- final EaafRequestedAttributes reqAttr = (EaafRequestedAttributes) reqAttrObj;
- if (reqAttr.getAttributes() != null && reqAttr.getAttributes().size() != 0) {
- for (final EaafRequestedAttribute el : reqAttr.getAttributes()) {
- log.trace("Processing req. attribute '" + el.getName() + "' ... ");
- if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
- sectorDetected = extractBpkTargetIdentifier(el, spConfig);
-
- } else if (el.getName().equals(ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME)) {
- extractUniqueTransactionId(el, pendingReq);
-
- } else if (el.getName().equals(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME)) {
- extractBindingPublicKey(el, pendingReq);
-
- } else {
- log.debug("Ignore req. attribute: " + el.getName());
-
- }
- }
-
- } else {
- log.debug("No requested Attributes in Authn. Request");
-
- }
-
- } else {
- log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString());
-
- }
- }
- }
-
- if (!sectorDetected) {
- log.warn("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information.");
- throw new AuthnRequestValidatorException("pvp2.22", new Object[] {
- "NO or NO VALID target-sector information" });
-
- }
-
- }
-
- private void extractBindingPublicKey(EaafRequestedAttribute el, IRequest pendingReq)
- throws EaafStorageException {
- if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
- final String bindingPubKey = el.getAttributeValues().get(0).getDOM().getTextContent();
- pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey);
- log.info("Find Binding Public-Key. eIDAS authentication will be used to create an ID Austria Binding");
-
- } else {
- log.warn(
- "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute",
- el.getName());
-
- }
- }
-
- /**
- * Extract unique transactionId from AuthnRequest.
- *
- * @param el Requested attribute from AuthnRequest
- * @param pendingReq Current pendingRequest object (has to be of type
- * {@link RequestImpl})
- * @return <code>true</code> if transactionId extraction was successful,
- * otherwise <code>false</code>
- */
- private boolean extractUniqueTransactionId(EaafRequestedAttribute el, IRequest pendingReq) {
- if (!(pendingReq instanceof RequestImpl)) {
- log.warn(
- "Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}",
- RequestImpl.class.getName());
-
- } else {
- if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
- final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent();
- ((RequestImpl) pendingReq).setUniqueTransactionIdentifier(transactionId);
- log.info("Find transactionId: {} from requesting service. Replace old id: {} ",
- transactionId, TransactionIdUtils.getTransactionId());
- TransactionIdUtils.setTransactionId(transactionId);
-
- return true;
-
- } else {
- log.warn(
- "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute",
- el.getName());
-
- }
-
- }
-
- return false;
- }
-
- /**
- * Extract the bPK target from requested attribute.
- *
- * @param el Requested attribute from AuthnRequest
- * @param spConfig Service-Provider configuration for current process
- * @return <code>true</code> if bPK target extraction was successful, otherwise
- * <code>false</code>
- */
- private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el,
- ServiceProviderConfiguration spConfig) {
- if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
- final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent();
- try {
- spConfig.setBpkTargetIdentifier(sectorId);
- return true;
-
- } catch (final EaafException e) {
- log.warn("Requested sector: " + sectorId + " DOES NOT match to allowed sectors for SP: "
- + spConfig.getUniqueIdentifier());
- }
-
- } else {
- log.warn("Req. attribute '" + el.getName()
- + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute");
- }
-
- return false;
-
- }
-
- private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq)
- throws AuthnRequestValidatorException {
- final List<String> reqLoA = extractLoA(authnReq);
- log.trace("SP requests LoA with: {}", String.join(", ", reqLoA));
-
- LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration(
- MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL,
- EaafConstants.EIDAS_LOA_HIGH));
- if (minimumLoAFromConfig == null) {
- log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default",
- EaafConstants.EIDAS_LOA_HIGH);
- minimumLoAFromConfig = LevelOfAssurance.HIGH;
-
- }
-
- log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...",
- minimumLoAFromConfig);
- final List<String> allowedLoA = new ArrayList<>();
- for (final String loa : reqLoA) {
- try {
- final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa);
- String selectedLoA = EaafConstants.EIDAS_LOA_HIGH;
- if (intLoa != null
- && intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) {
- log.info("Client: {} requested LoA: {} will be upgraded to: {}",
- pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(),
- loa,
- minimumLoAFromConfig);
- selectedLoA = minimumLoAFromConfig.getValue();
-
- }
-
- if (!allowedLoA.contains(selectedLoA)) {
- log.debug("Allow LoA: {} for Client: {}",
- selectedLoA,
- pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
- allowedLoA.add(selectedLoA);
-
- }
-
- } catch (final IllegalArgumentException e) {
- log.warn("LoA: {} is currently NOT supported and it will be ignored.", loa);
-
- }
-
- }
-
- pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(
- allowedLoA);
-
- }
-
- private String extractComparisonLevel(AuthnRequest authnReq) {
- if (authnReq.getRequestedAuthnContext() != null) {
- final RequestedAuthnContext authContext = authnReq.getRequestedAuthnContext();
- return authContext.getComparison().toString();
-
- }
-
- return null;
- }
-
- private List<String> extractLoA(AuthnRequest authnReq) throws AuthnRequestValidatorException {
- final List<String> result = new ArrayList<>();
- if (authnReq.getRequestedAuthnContext() != null) {
- final RequestedAuthnContext authContext = authnReq.getRequestedAuthnContext();
- if (authContext.getComparison().equals(AuthnContextComparisonTypeEnumeration.MINIMUM)) {
- if (authContext.getAuthnContextClassRefs().isEmpty()) {
- log.debug("Authn. Req. contains no requested LoA");
-
- } else if (authContext.getAuthnContextClassRefs().size() > 1) {
- log.info("Authn. Req. contains MORE THAN ONE requested LoA, but "
- + AuthnContextComparisonTypeEnumeration.MINIMUM + " allows only one");
- throw new AuthnRequestValidatorException("pvp2.22",
- new Object[] { "Authn. Req. contains MORE THAN ONE requested LoA, but "
- + AuthnContextComparisonTypeEnumeration.MINIMUM + " allows only one" });
-
- } else {
- result.add(authContext.getAuthnContextClassRefs().get(0).getAuthnContextClassRef());
- }
-
- } else if (authContext.getComparison().equals(AuthnContextComparisonTypeEnumeration.EXACT)) {
- for (final AuthnContextClassRef el : authContext.getAuthnContextClassRefs()) {
- result.add(el.getAuthnContextClassRef());
- }
-
- } else {
- log.info("Currently only '" + AuthnContextComparisonTypeEnumeration.MINIMUM + "' and '"
- + AuthnContextComparisonTypeEnumeration.EXACT + "' are supported");
- throw new AuthnRequestValidatorException("pvp2.22",
- new Object[] { "Currently only '" + AuthnContextComparisonTypeEnumeration.MINIMUM + "' and '"
- + AuthnContextComparisonTypeEnumeration.EXACT + "' are supported" });
-
- }
-
- }
-
- return result;
- }
-
- private String extractScopeRequsterId(AuthnRequest authnReq) {
- if (authnReq.getScoping() != null) {
- final Scoping scoping = authnReq.getScoping();
- if (scoping.getRequesterIDs() != null
- && scoping.getRequesterIDs().size() > 0) {
- if (scoping.getRequesterIDs().size() == 1) {
- return scoping.getRequesterIDs().get(0).getRequesterID();
- } else {
- log.info("Authn. request contains more than on RequesterIDs! Only use first one");
- return scoping.getRequesterIDs().get(0).getRequesterID();
-
- }
- }
- }
-
- return null;
- }
-
-}