diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
14 files changed, 229 insertions, 316 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 15057600..8a1a63f5 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -35,6 +35,7 @@ public class Constants { public static final String DATA_RESULT_MATCHING_BPK = "matching-result-bpk"; public static final String DATA_SIMPLE_EIDAS = "simple_eidas_data"; + // templates for post-binding forwarding public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html"; public static final String TEMPLATE_POST_FORWARD_ENDPOINT = "endPoint"; @@ -53,11 +54,11 @@ public class Constants { public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD = CONIG_PROPS_EIDAS_NODE + ".forward.method"; public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_DEFAULT_ONLYNATURAL = - CONIG_PROPS_EIDAS_NODE + ".attributes.requested.onlynatural."; + CONIG_PROPS_EIDAS_NODE + ".attributes.requested.onlynatural"; public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_CC_SPECIFIC_ONLYNATURAL = - CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural."; + CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural"; public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION = - CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation."; + CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation"; public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME = CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName"; public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER = @@ -78,6 +79,8 @@ public class Constants { + ".debug.logfullmessages"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY = CONIG_PROPS_EIDAS_SZRCLIENT + ".debug.useDummySolution"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SET_MDS_TO_EIDASBIND = CONIG_PROPS_EIDAS_SZRCLIENT + + ".eidasbind.mds.inject"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION = CONIG_PROPS_EIDAS_SZRCLIENT + ".timeout.connection"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE = CONIG_PROPS_EIDAS_SZRCLIENT @@ -144,6 +147,9 @@ public class Constants { public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier"; public static final String eIDAS_ATTR_LEGALNAME = "LegalName"; + public static final String eIDAS_REQ_PARAM_SECTOR_PUBLIC = "public"; + public static final String eIDAS_REQ_PARAM_SECTOR_PRIVATE = "private"; + public static final String POLICY_DEFAULT_ALLOWED_TARGETS = EaafConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", "\\\\+") + ".*"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java index e9302f6d..d3cac80c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java @@ -47,7 +47,7 @@ import eu.eidas.auth.commons.EidasParameterKeys; import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; import eu.eidas.specificcommunication.exception.SpecificCommunicationException; -import eu.eidas.specificcommunication.protocol.impl.SpecificConnectorCommunicationServiceImpl; +import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; /** * Controler implementation for eIDAS Node communication. @@ -108,8 +108,8 @@ public class EidasSignalServlet extends AbstractProcessEngineSignalController { } log.trace("Receive eIDAS-node token: " + tokenBase64 + " Starting transaction-restore process ... "); - final SpecificConnectorCommunicationServiceImpl specificConnectorCommunicationService = - (SpecificConnectorCommunicationServiceImpl) context.getBean( + final SpecificCommunicationService specificConnectorCommunicationService = + (SpecificCommunicationService) context.getBean( SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); final ILightResponse eidasResponse = specificConnectorCommunicationService.getAndRemoveResponse( tokenBase64, diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/EidasPersonalIdStoreDao.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/EidasPersonalIdStoreDao.java deleted file mode 100644 index c7acdb15..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/EidasPersonalIdStoreDao.java +++ /dev/null @@ -1,158 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.Iterator; -import java.util.List; - -import at.gv.egiz.eaaf.core.impl.data.Pair; - -@Deprecated -public class EidasPersonalIdStoreDao { - public static final String NAME = "foreigneIDMap"; - - // Enum with all cols of this table - public enum Cols { - timestamp, transactionId, eidasId, eidasSourceCountry, eidasDestinationCountry, ernbId - } - - public enum T { - ID("INTEGER"), - BIGINT("VARCHAR(265)"), - URI("VARCHAR(256)"), - DATE("Long"), - TEXT("TEXT"), - Long("BIGINT"), - Int("INTEGER"), - BLOB("BLOB"), - CC("CHAR(2)"), - BOOL("INTEGER"); - - private final String type; - - T(String el) { - type = el; - } - - @Override - public String toString() { - return type; - } - } - - // define Cols of the table - public static final List<Pair<String, T>> TABLE_COLS; - - static { - final List<Pair<String, T>> cols = new ArrayList<>(); - cols.add(Pair.newInstance(Cols.timestamp.name(), T.DATE)); - cols.add(Pair.newInstance(Cols.transactionId.name(), T.TEXT)); - cols.add(Pair.newInstance(Cols.eidasId.name(), T.TEXT)); - cols.add(Pair.newInstance(Cols.eidasSourceCountry.name(), T.CC)); - cols.add(Pair.newInstance(Cols.eidasDestinationCountry.name(), T.CC)); - cols.add(Pair.newInstance(Cols.ernbId.name(), T.TEXT)); - - TABLE_COLS = Collections.unmodifiableList(cols); - - } - - public static final String CREATE = "CREATE TABLE " + NAME - + " (" + "id" + " " + T.ID.toString() - + " PRIMARY KEY AUTOINCREMENT, " + buildCreateTableQuery(TABLE_COLS) + ")"; - - public static final String INSERT = "INSERT INTO " + NAME - + "(" + buildInsertQueryKeys(TABLE_COLS) + ")" - + " VALUES (" + buildInsertQueryValues(TABLE_COLS) + ");"; - - public static final String SELECT_BY_ERNB_ID = "SELECT * FROM " + NAME - + " WHERE " + Cols.ernbId.name() + "=?;"; - - public static final String SELECT_BY_EIDAS_RAW_ID = "SELECT * FROM " + NAME - + " WHERE " + Cols.eidasId.name() + "=?" - + " and " + Cols.eidasSourceCountry.name() + "=?" + ";"; - - /** - * Build a part of a SQL query, which contains the cols of a table that should - * be created. - * - * @param cols List of DB col definitions {@link Pair} - * @return Part of a SQL query, which contains cols that should be created - */ - private static String buildCreateTableQuery(List<Pair<String, T>> cols) { - StringBuffer buf = new StringBuffer(); - for (final Pair<String, T> el : cols) { - buf.append(el.getFirst()); - buf.append(" "); - buf.append(el.getSecond()); - buf.append(","); - - } - String sql = buf.toString(); - return sql.substring(0, sql.length() - 1); - - } - - /** - * Build a part of a SQL query, which contains the cols keys of a table for - * insert operation. - * - * @param cols List of DB col definitions {@link Pair} - * @return Part of a SQL query, which contains cols that should be created - */ - protected static String buildInsertQueryKeys(List<Pair<String, T>> cols) { - - StringBuffer buf = new StringBuffer(); - for (final Pair<String, T> el : cols) { - buf.append(el.getFirst()); - buf.append(","); - - } - String sql = buf.toString(); - return sql.substring(0, sql.length() - 1); - } - - /** - * Build a part of a SQL query, which contains the cols values of a table for - * insert operation. - * - * @param cols List of DB col definitions {@link Pair} - * @return Part of a SQL query, which contains cols that should be created - */ - protected static String buildInsertQueryValues(List<Pair<String, T>> cols) { - - StringBuffer buf = new StringBuffer(); - Iterator<Pair<String, T>> it = cols.iterator(); - while (it.hasNext()) { - buf.append("?,"); - it.next(); - - } - - String sql = buf.toString(); - return sql.substring(0, sql.length() - 1); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java index cb499ca5..2f82387f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java @@ -42,4 +42,5 @@ public interface IErnpClient { void update(RegisterResult registerResult, SimpleEidasData eidData); boolean createNewEntry(SimpleEidasData simpleEidasData); + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java index e3c1e00f..734cf873 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java @@ -23,6 +23,19 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import java.util.Map; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.lang.NonNull; + +import com.google.common.collect.ImmutableSortedSet; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; @@ -31,24 +44,15 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRe import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.impl.data.Triple; -import com.google.common.collect.ImmutableSortedSet; -import edu.umd.cs.findbugs.annotations.NonNull; + import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.light.impl.LightRequest.Builder; import eu.eidas.auth.commons.protocol.eidas.SpType; -import org.apache.commons.lang3.StringUtils; -import org.joda.time.DateTime; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; - -import java.util.Map; -import java.util.regex.Matcher; -import java.util.regex.Pattern; public abstract class AbstractEidProcessor implements INationalEidProcessor { private static final Logger log = LoggerFactory.getLogger(AbstractEidProcessor.class); @@ -61,10 +65,12 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { @Override public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) { + buildLevelOfAssurance(pendingReq.getServiceProviderConfiguration(), authnRequestBuilder); buildProviderNameAttribute(pendingReq, authnRequestBuilder); buildRequestedAttributes(authnRequestBuilder); } + @Override public final ErnbEidData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException, EidasAttributeException { @@ -268,10 +274,36 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); if (StringUtils.isNotEmpty(providerName)) { authnRequestBuilder.providerName(providerName); + authnRequestBuilder.requesterId(providerName); + } } + } + + private void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) { + // TODO: set matching mode if eIDAS ref. impl. support this method + + // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA + // schemes + String loa = EaafConstants.EIDAS_LOA_HIGH; + if (spConfig.getRequiredLoA() != null) { + if (spConfig.getRequiredLoA().isEmpty()) { + log.info("No eIDAS LoA requested. Use LoA HIGH as default"); + } else { + if (spConfig.getRequiredLoA().size() > 1) { + log.info( + "Currently only ONE requested LoA is supported for service provider. Use first one ... "); + } + + loa = spConfig.getRequiredLoA().get(0); + + } + } + log.debug("Request eIdAS node with LoA: " + loa); + authnRequestBuilder.levelOfAssurance(loa); + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java index cfaecfbb..234d52dd 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java @@ -79,7 +79,8 @@ public class AuthBlockSigningService { EidasAuchBlock authBlock = new EidasAuchBlock(); authBlock.setChallenge(UUID.randomUUID().toString()); authBlock.setTimestamp(LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS)); - authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class)); + authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class)); + authBlock.setPiiTransactionId(pendingReq.getUniquePiiTransactionIdentifier()); String jwsPayload = mapper.writeValueAsString(authBlock); log.debug("Building and sign authBlock with data: {}", jwsPayload); @@ -185,6 +186,9 @@ public class AuthBlockSigningService { @JsonProperty("appId") private String uniqueId; + @JsonProperty("piiTransactionId") + private String piiTransactionId; + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java index 98c4c2de..e73491ab 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java @@ -35,13 +35,13 @@ import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.lang.NonNull; import org.springframework.stereotype.Service; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; -import edu.umd.cs.findbugs.annotations.NonNull; import eu.eidas.auth.commons.attribute.AttributeRegistries; import eu.eidas.auth.commons.attribute.AttributeRegistry; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java index 69b993a4..1f5837d6 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java @@ -45,6 +45,7 @@ import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; +import javax.xml.XMLConstants; import javax.xml.bind.JAXBContext; import javax.xml.bind.Marshaller; import javax.xml.namespace.QName; @@ -58,8 +59,6 @@ import javax.xml.ws.BindingProvider; import javax.xml.ws.Dispatch; import javax.xml.ws.handler.Handler; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; import org.apache.commons.lang3.StringUtils; import org.apache.cxf.configuration.jsse.TLSClientParameters; import org.apache.cxf.endpoint.Client; @@ -75,9 +74,14 @@ import org.springframework.stereotype.Service; import org.w3c.dom.Document; import org.w3c.dom.Element; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.LoggingHandler; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; @@ -111,7 +115,8 @@ public class SzrClient { private static final String KEY_BC_BIND = "bcBindReq"; private static final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype"; private static final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind"; - + public static final String ATTR_NAME_MDS = "urn:eidgvat:mds"; + @Autowired private IConfiguration basicConfig; @@ -229,7 +234,7 @@ public class SzrClient { final String resp; try { - resp = this.szr.getStammzahlEncrypted(personInfo, false); + resp = this.szr.getStammzahlEncrypted(personInfo, true); } catch (SZRException_Exception e) { throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); } @@ -242,36 +247,38 @@ public class SzrClient { } - /** - * Signs content. + * Sign an eidasBind data-structure that combines vsz with user's pubKey and E-ID status. * - * @param vsz ? TODO + * @param vsz encryped baseId * @param bindingPubKey binding PublikKey as PKCS1# (ASN.1) container * @param eidStatus Status of the E-ID + * @param eidData eID information that was used for ERnP registration * @return bPK for this person * @throws SzrCommunicationException In case of a SZR error */ - public String getBcBind(final String vsz, final String bindingPubKey, final String eidStatus) - throws SzrCommunicationException { - - final Map<String, Object> bcBindMap = new HashMap<>(); - bcBindMap.put(ATTR_NAME_VSZ, vsz); - bcBindMap.put(ATTR_NAME_STATUS, eidStatus); - bcBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey)); - + public String getEidsaBind(final String vsz, final String bindingPubKey, final String eidStatus, + ErnbEidData eidData)throws SzrCommunicationException { + + final Map<String, Object> eidsaBindMap = new HashMap<>(); + eidsaBindMap.put(ATTR_NAME_VSZ, vsz); + eidsaBindMap.put(ATTR_NAME_STATUS, eidStatus); + eidsaBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey)); + eidsaBindMap.put(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, eidData.getCitizenCountryCode()); + injectMdsIfAvailableAndActive(eidsaBindMap, eidData); + try { - final String serializedBcBind = mapper.writeValueAsString(bcBindMap); + final String serializedEidasBind = mapper.writeValueAsString(eidsaBindMap); final SignContent req = new SignContent(); - final SignContentEntry bcBindInfo = new SignContentEntry(); - bcBindInfo.setKey(KEY_BC_BIND); - bcBindInfo.setValue(serializedBcBind); - req.getIn().add(bcBindInfo); + final SignContentEntry eidasBindInfo = new SignContentEntry(); + eidasBindInfo.setKey(KEY_BC_BIND); + eidasBindInfo.setValue(serializedEidasBind); + req.getIn().add(eidasBindInfo); req.setAppendCert(false); - final JwsHeaderParam bcBindJoseHeader = new JwsHeaderParam(); - bcBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE); - bcBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND); - req.getJWSHeaderParam().add(bcBindJoseHeader); + final JwsHeaderParam eidasBindJoseHeader = new JwsHeaderParam(); + eidasBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE); + eidasBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND); + req.getJWSHeaderParam().add(eidasBindJoseHeader); log.trace("Requesting SZR to sign bcBind datastructure ... "); final SignContentResponseType resp = szr.signContent(req.isAppendCert(), req.getJWSHeaderParam(), req.getIn()); @@ -486,8 +493,22 @@ public class SzrClient { } + private void injectMdsIfAvailableAndActive(Map<String, Object> eidsaBindMap, ErnbEidData eidData) { + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SET_MDS_TO_EIDASBIND, false)) { + log.info("Injecting MDS into eidasBind ... "); + final Map<String, Object> mds = new HashMap<>(); + mds.put(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, eidData.getFamilyName()); + mds.put(PvpAttributeDefinitions.GIVEN_NAME_NAME, eidData.getGivenName()); + mds.put(PvpAttributeDefinitions.BIRTHDATE_NAME, eidData.getFormatedDateOfBirth()); + eidsaBindMap.put(ATTR_NAME_MDS, mds); + + } + } + private byte[] sourceToByteArray(Source result) throws TransformerException { final TransformerFactory factory = TransformerFactory.newInstance(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); final Transformer transformer = factory.newTransformer(); transformer.setOutputProperty("omit-xml-declaration", "yes"); transformer.setOutputProperty("method", "xml"); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index f9142f8e..b519354c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -150,38 +150,40 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { // get encrypted baseId String vsz = szrClient.getEncryptedStammzahl(personInfo); - + + //write revision-Log entry and extended infos personal-identifier mapping + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED); + writeExtendedRevisionLogEntry(simpleAttrMap, eidData); + + // get eIDAS bind - String signedEidasBind = szrClient.getBcBind(vsz, + String signedEidasBind = szrClient.getEidsaBind(vsz, authBlockSigner.getBase64EncodedPublicKey(), - EID_STATUS); - + EID_STATUS, eidData); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED); + authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind); + //get signed AuthBlock String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq); - - //inject personal-data into session + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.TECH_AUCHBLOCK_CREATED); authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature); - authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind); + + //inject personal-data into session + authProcessData.setEidProcess(true); } else { //request SZR SzrResultHolder idlResult = requestSzrForIdentityLink(personInfo); - // write ERnB input-data into revision-log - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { - revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, - (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); - revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym()); - - } + //write revision-Log entry for personal-identifier mapping + writeExtendedRevisionLogEntry(simpleAttrMap, eidData); //check result-data and write revision-log based on current state checkStateAndWriteRevisionLog(idlResult); - //inject personal-data into session authProcessData.setIdentityLink(idlResult.getIdentityLink()); + authProcessData.setEidProcess(false); // set bPK and bPKType into auth session authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix( @@ -217,6 +219,17 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } + private void writeExtendedRevisionLogEntry(Map<String, Object> simpleAttrMap, ErnbEidData eidData) { + // write ERnB input-data into revision-log + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, + (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym()); + + } + } + private PersonInfoType generateSzrRequest(ErnbEidData eidData) { log.debug("Starting connecting SZR Gateway"); final PersonInfoType personInfo = new PersonInfoType(); @@ -279,14 +292,18 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); // get bPK from SZR - String bpk; + String bpk = null; if (basicConfig .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { - bpk = szrClient + List<String> bpkList = szrClient .getBpk(personInfo, pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), basicConfig - .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined")) - .get(0); + .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined")); + if (!bpkList.isEmpty()) { + bpk = bpkList.get(0); + + } + } else { log.debug("Calculating bPK from baseId ... "); @@ -380,7 +397,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } else { final List<String> natPersonIdObj = EidasResponseUtils - .translateStringListAttribute(el, attributeMap.get(el).asList()); + .translateStringListAttribute(el, attributeMap.get(el)); final String stringAttr = natPersonIdObj.get(0); if (StringUtils.isNotEmpty(stringAttr)) { result.put(el.getFriendlyName(), stringAttr); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java index 0b6e9ee8..92f58877 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java @@ -41,10 +41,8 @@ import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; @@ -87,9 +85,6 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { throws TaskExecutionException { try { - // get service-provider configuration - final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); - // get target, environment and validate citizen countryCode final String citizenCountryCode = (String) executionContext.get( MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY); @@ -110,6 +105,13 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { final LightRequest.Builder authnRequestBuilder = LightRequest.builder(); authnRequestBuilder.id(UUID.randomUUID().toString()); + // set nameIDFormat + authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); + + // set citizen country code for foreign uses + authnRequestBuilder.citizenCountryCode(citizenCountryCode); + + //set Issuer final String issur = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_ENTITYID); if (StringUtils.isEmpty(issur)) { log.error("Found NO 'eIDAS node issuer' in configuration. Authentication NOT possible!"); @@ -119,42 +121,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } authnRequestBuilder.issuer(issur); - // TODO: set matching mode if eIDAS ref. impl. support this method - - // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA - // schemes - String loa = EaafConstants.EIDAS_LOA_HIGH; - if (spConfig.getRequiredLoA() != null) { - if (spConfig.getRequiredLoA().isEmpty()) { - log.info("No eIDAS LoA requested. Use LoA HIGH as default"); - } else { - if (spConfig.getRequiredLoA().size() > 1) { - log.info( - "Currently only ONE requested LoA is supported for service provider. Use first one ... "); - } - - loa = spConfig.getRequiredLoA().get(0); - - } - } - - log.debug("Request eIdAS node with LoA: " + loa); - authnRequestBuilder.levelOfAssurance(loa); - - // set nameIDFormat - authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); - - // set citizen country code for foreign uses - authnRequestBuilder.citizenCountryCode(citizenCountryCode); - - // set relay state - /* - * TODO: SecureToken PendingRequestId generates a validation exception in - * eIDASNode because eIDASNode implements limit on size for RelayState - * (80characaters) - */ - // authnRequestBuilder.relayState(pendingReq.getPendingRequestId()); - + // Add country-specific informations into eIDAS request ccSpecificProcessing.preProcess(citizenCountryCode, pendingReq, authnRequestBuilder); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index 34e258ca..9e5b4d67 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -296,7 +296,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { } } else { final List<String> natPersonIdObj = EidasResponseUtils - .translateStringListAttribute(el, attributeMap.get(el).asList()); + .translateStringListAttribute(el, attributeMap.get(el)); final String stringAttr = natPersonIdObj.get(0); if (StringUtils.isNotEmpty(stringAttr)) { result.put(el.getFriendlyName(), stringAttr); @@ -309,4 +309,4 @@ public class InitialSearchTask extends AbstractAuthServletTask { log.debug("Receive #" + result.size() + " attributes with names: " + result.keySet().toString()); return result; } -} +}
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java index aafcd8b9..ef8822aa 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java @@ -19,7 +19,7 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; @@ -28,6 +28,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttribute import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; import at.gv.egiz.eaaf.core.impl.data.Triple; import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableSet; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeValue; import eu.eidas.auth.commons.attribute.AttributeValueMarshaller; @@ -57,7 +58,7 @@ public class EidasResponseUtils { * * @param uniqueID eIDAS attribute value of a unique identifier * @return true if the uniqueID matches to eIDAS to Unique Identifier - * specification, otherwise false + * specification, otherwise false */ public static boolean validateEidasPersonalIdentifier(String uniqueID) { final Pattern pattern = Pattern.compile(PERSONALIDENIFIER_VALIDATION_PATTERN); @@ -73,10 +74,10 @@ public class EidasResponseUtils { * * @param uniqueID eIDAS attribute value of a unique identifier * @return {@link Triple} that contains: <br> - * First : citizen country <br> - * Second: destination country <br> - * Third : unique identifier <br> - * or null if the attribute value has a wrong format + * First : citizen country <br> + * Second: destination country <br> + * Third : unique identifier <br> + * or null if the attribute value has a wrong format */ public static Triple<String, String, String> parseEidasPersonalIdentifier(String uniqueID) { if (!validateEidasPersonalIdentifier(uniqueID)) { @@ -93,58 +94,79 @@ public class EidasResponseUtils { * Get eIDAS attribute-values from eIDAS Node attributes. * * @param attributeDefinition eIDAS attribute definition - * @param attributeValues Attributes from eIDAS response - * @return Set of attribute values. If more then one value than the first value contains the 'Latin' value. + * @param attributeValues Attributes from eIDAS response + * @return Set of attribute values. If more then one value than the first value + * contains the 'Latin' value. */ // TODO: check possible problem with nonLatinCharacters public static List<String> translateStringListAttribute(AttributeDefinition<?> attributeDefinition, - ImmutableList<? extends AttributeValue<?>> attributeValues) { + @Nullable ImmutableSet<? extends AttributeValue<?>> attributeValues) { final List<String> stringListAttribute = new ArrayList<>(); - final AttributeValueMarshaller<?> attributeValueMarshaller = attributeDefinition - .getAttributeValueMarshaller(); - for (final AttributeValue<?> attributeValue : attributeValues) { - String valueString = null; - try { - valueString = attributeValueMarshaller.marshal((AttributeValue) attributeValue); - - log.trace("Find attr: {} with value: {} nonLatinFlag: {} needTransliteration: {}", - attributeDefinition.getFriendlyName(), attributeValue.toString(), - attributeValue.isNonLatinScriptAlternateVersion(), - AttributeValueTransliterator.needsTransliteration(valueString)); - - // if (attributeValue.isNonLatinScriptAlternateVersion()) { - if (!AttributeValueTransliterator.needsTransliteration(valueString)) { - stringListAttribute.add(0, valueString); - - } else { - log.trace("Find 'needsTransliteration' flag. Setting this value at last list element ... "); - stringListAttribute.add(valueString); + if (attributeValues == null) { + log.info("Can not extract infos from 'null' attribute value"); - } + } else { + final AttributeValueMarshaller<?> attributeValueMarshaller = + attributeDefinition.getAttributeValueMarshaller(); + for (final AttributeValue<?> attributeValue : attributeValues) { + String valueString = null; + try { + valueString = attributeValueMarshaller.marshal((AttributeValue) attributeValue); + + log.trace("Find attr: {} with value: {} nonLatinFlag: {} needTransliteration: {}", + attributeDefinition.getFriendlyName(), attributeValue.toString(), + attributeValue.isNonLatinScriptAlternateVersion(), + AttributeValueTransliterator.needsTransliteration(valueString)); + + // if (attributeValue.isNonLatinScriptAlternateVersion()) { + if (!AttributeValueTransliterator.needsTransliteration(valueString)) { + stringListAttribute.add(0, valueString); + + } else { + log.trace("Find 'needsTransliteration' flag. Setting this value at last list element ... "); + stringListAttribute.add(valueString); + + log.trace("Find attr: {} with value: {} nonLatinFlag: {} needTransliteration: {}", + attributeDefinition.getFriendlyName(), attributeValue.toString(), + attributeValue.isNonLatinScriptAlternateVersion(), + AttributeValueTransliterator.needsTransliteration(valueString)); + + // if (attributeValue.isNonLatinScriptAlternateVersion()) { + if (!AttributeValueTransliterator.needsTransliteration(valueString)) { + stringListAttribute.add(0, valueString); + + } else { + log.trace("Find 'needsTransliteration' flag. Setting this value at last list element ... "); + stringListAttribute.add(valueString); + + } + } + } catch (final AttributeValueMarshallingException e) { + throw new IllegalStateException(e); - } catch (final AttributeValueMarshallingException e) { - throw new IllegalStateException(e); + } } - } + log.trace("Extract values: {} for attr: {}", + StringUtils.join(stringListAttribute, ","), attributeDefinition.getFriendlyName()); - log.trace("Extract values: {} for attr: {}", - StringUtils.join(stringListAttribute, ","), attributeDefinition.getFriendlyName()); + } return stringListAttribute; } + /** * Convert eIDAS DateTime attribute to Java Object. * * @param attributeDefinition eIDAS attribute definition. - * @param attributeValues eIDAS attribute value + * @param attributeValues eIDAS attribute value * @return */ @Nullable public static DateTime translateDateAttribute(AttributeDefinition<?> attributeDefinition, - ImmutableList<? extends AttributeValue<?>> attributeValues) { + ImmutableList<? extends AttributeValue<?>> attributeValues) { if (attributeValues.size() != 0) { final AttributeValue<?> firstAttributeValue = attributeValues.get(0); return (DateTime) firstAttributeValue.getValue(); @@ -158,12 +180,12 @@ public class EidasResponseUtils { * Concert eIDAS Address attribute to Java object. * * @param attributeDefinition eIDAS attribute definition - * @param attributeValues eIDAS attribute value + * @param attributeValues eIDAS attribute value * @return */ @Nullable public static PostalAddress translateAddressAttribute(AttributeDefinition<?> attributeDefinition, - ImmutableList<? extends AttributeValue<?>> attributeValues) { + ImmutableList<? extends AttributeValue<?>> attributeValues) { final AttributeValue<?> firstAttributeValue = attributeValues.get(0); return (PostalAddress) firstAttributeValue.getValue(); } @@ -173,7 +195,7 @@ public class EidasResponseUtils { * * @param currentAddressObj eIDAS current address information * @return current address or null if no attribute is available - * @throws EidasAttributeException if eIDAS attribute is of a wrong type + * @throws EidasAttributeException if eIDAS attribute is of a wrong type */ public static PostalAddressType processAddress(Object currentAddressObj) throws EidasAttributeException { if (currentAddressObj != null) { @@ -198,7 +220,7 @@ public class EidasResponseUtils { * * @param birthNameObj eIDAS birthname information * @return birthName or null if no attribute is available - * @throws EidasAttributeException if eIDAS attribute is of a wrong type + * @throws EidasAttributeException if eIDAS attribute is of a wrong type */ public static String processBirthName(Object birthNameObj) throws EidasAttributeException { if (birthNameObj != null) { @@ -219,7 +241,7 @@ public class EidasResponseUtils { * * @param placeOfBirthObj eIDAS Place-of-Birth information * @return place of Birth or null if no attribute is available - * @throws EidasAttributeException if eIDAS attribute is of a wrong type + * @throws EidasAttributeException if eIDAS attribute is of a wrong type */ public static String processPlaceOfBirth(Object placeOfBirthObj) throws EidasAttributeException { if (placeOfBirthObj != null) { @@ -243,7 +265,7 @@ public class EidasResponseUtils { * * @param dateOfBirthObj eIDAS date-of-birth attribute information * @return formated user's date-of-birth - * @throws EidasAttributeException if NO attribute is available + * @throws EidasAttributeException if NO attribute is available */ public static DateTime processDateOfBirth(Object dateOfBirthObj) throws EidasAttributeException { if (!(dateOfBirthObj instanceof DateTime)) { @@ -257,7 +279,7 @@ public class EidasResponseUtils { * * @param dateOfBirthObj eIDAS date-of-birth attribute information * @return formated user's date-of-birth as string - * @throws EidasAttributeException if NO attribute is available + * @throws EidasAttributeException if NO attribute is available */ public static String processDateOfBirthToString(Object dateOfBirthObj) throws EidasAttributeException { if (!(dateOfBirthObj instanceof DateTime)) { @@ -271,7 +293,7 @@ public class EidasResponseUtils { * * @param givenNameObj eIDAS givenName attribute information * @return formated user's givenname - * @throws EidasAttributeException if NO attribute is available + * @throws EidasAttributeException if NO attribute is available */ public static String processGivenName(Object givenNameObj) throws EidasAttributeException { if (!(givenNameObj instanceof String)) { @@ -285,7 +307,7 @@ public class EidasResponseUtils { * * @param familyNameObj eIDAS familyName attribute information * @return formated user's familyname - * @throws EidasAttributeException if NO attribute is available + * @throws EidasAttributeException if NO attribute is available */ public static String processFamilyName(Object familyNameObj) throws EidasAttributeException { if (!(familyNameObj instanceof String)) { @@ -299,7 +321,7 @@ public class EidasResponseUtils { * * @param personalIdObj eIDAS PersonalIdentifierAttribute * @return Unique personal identifier without country-code information - * @throws EidasAttributeException if NO attribute is available + * @throws EidasAttributeException if NO attribute is available */ public static String processPseudonym(Object personalIdObj) throws EidasAttributeException { if (!(personalIdObj instanceof String)) { @@ -318,7 +340,7 @@ public class EidasResponseUtils { * * @param taxReferenceObj eIDAS TaxReference attribute information * @return formated user's TaxReference - * @throws EidasAttributeException if NO attribute is available + * @throws EidasAttributeException if NO attribute is available */ public static String processTaxReference(Object taxReferenceObj) throws EidasAttributeException { if (!(taxReferenceObj instanceof String)) { @@ -326,4 +348,4 @@ public class EidasResponseUtils { } return (String) taxReferenceObj; } -} +}
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java index 1836e87b..9d9a0647 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java @@ -29,7 +29,7 @@ import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableSet; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException; @@ -98,8 +98,8 @@ public class EidasResponseValidator { */ final AttributeDefinition<?> attrDefinition = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); - final ImmutableList<? extends AttributeValue<?>> attributeValues = eidasResponse.getAttributes() - .getAttributeMap().get(attrDefinition).asList(); + final ImmutableSet<? extends AttributeValue<?>> attributeValues = eidasResponse.getAttributes() + .getAttributeMap().get(attrDefinition); final List<String> personalIdObj = EidasResponseUtils.translateStringListAttribute(attrDefinition, attributeValues); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 32e3241c..fb1fa0f3 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -105,6 +105,7 @@ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.InitialSearchTask" scope="prototype" /> + <bean id="CreateNewErnpEntryTask" class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateNewErnpEntryTask" scope="prototype" /> |