aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2
diff options
context:
space:
mode:
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java1
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java5
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java59
3 files changed, 55 insertions, 10 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java
index b1cd128f..beb3cce7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java
@@ -11,7 +11,6 @@ import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
public class Constants {
- public static final String EXECUTIONCONTEXT_SELECTED_COUNTRY = "selectedCountry";
public static final String DATA_REQUESTERID = "req_requesterId";
public static final String DATA_PROVIDERNAME = "req_providerName";
public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java
index fef9cbfa..c41559b8 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java
@@ -6,6 +6,7 @@ import org.apache.commons.lang3.StringUtils;
import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants;
/**
* @author tlenz
@@ -33,8 +34,8 @@ public class eIDASAuthenticationModulImpl implements AuthModule {
*/
@Override
public String selectProcess(ExecutionContext context) {
- if (StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY)) ||
- StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY)))
+ if (StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)) ||
+ StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)))
return "eIDASAuthentication_v2";
else
return null;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java
index d65ce72f..e9a7a190 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eidas.specific.connector.MSConnectorEventCodes;
+import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants;
import at.gv.egiz.eidas.specific.connector.gui.StaticGuiBuilderConfiguration;
import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants;
import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
@@ -70,9 +71,10 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
//get service-provider configuration
ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
- // get target and validate citizen countryCode
- String citizenCountryCode = (String) executionContext.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY);
-
+ // get target, environment and validate citizen countryCode
+ String citizenCountryCode = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY);
+ String environment = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT);
+
if (StringUtils.isEmpty(citizenCountryCode)) {
// illegal state; task should not have been executed without a selected country
throw new eIDASAuthenticationException("eidas.03", new Object[] { "" });
@@ -179,6 +181,18 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
}
+ //select forward URL regarding the selected environment
+ String forwardURL = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL);
+ if (StringUtils.isNotEmpty(environment))
+ forwardURL = selectedForwardURLForEnvironment(environment);
+
+ if (StringUtils.isEmpty(forwardURL)) {
+ log.warn("NO ForwardURL defined in configuration. Can NOT forward to eIDAS node! Process stops");
+ throw new EAAFConfigurationException("config.08", new Object[] {Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL});
+
+ }
+ log.debug("ForwardURL: " + forwardURL + " selected to forward eIDAS request");
+
if (basicConfig.getBasicConfiguration(
Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD,
Constants.FORWARD_METHOD_GET
@@ -186,7 +200,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
log.debug("Use http-redirect for eIDAS node forwarding ... ");
//send redirect
- UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL));
+ UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(forwardURL);
redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64);
response.sendRedirect(redirectUrl.build().encode().toString());
@@ -198,8 +212,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
Constants.TEMPLATE_POST_FORWARD_NAME,
null);
- config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT,
- basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL));
+ config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardURL);
config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME,
EidasParameterKeys.TOKEN.toString());
config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE,
@@ -223,7 +236,39 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
}
- private ImmutableAttributeMap translateToEidasAttributes(final Map<String, Boolean> requiredAttributes) {
+ /**
+ * Select a forward URL from configuration for a specific environment
+ * <br><br>
+ * <b>Info: </b> This method is needed, because eIDAS Ref. Impl only supports one countrycode on each instance.
+ * In consequence, more than one eIDAS Ref. Impl nodes are required to support producation, testing, or QS stages
+ * for one country by using one ms-specific eIDAS connector
+ *
+ * @param environment Environment selector from CountrySlection page
+ * @return
+ */
+ private String selectedForwardURLForEnvironment(String environment) {
+ log.trace("Starting endpoint selection process for environment: " + environment + " ... ");
+ if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION))
+ return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL);
+
+ else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS))
+ return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL
+ + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS);
+
+ else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING))
+ return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL
+ + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING);
+
+ else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT))
+ return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL
+ + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT);
+
+ log.info("Environment selector: " + environment + " is not supported");
+ return null;
+
+ }
+
+ private ImmutableAttributeMap translateToEidasAttributes(final Map<String, Boolean> requiredAttributes) {
ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder();
for (Map.Entry<String,Boolean> attribute : requiredAttributes.entrySet()) {
final String name = attribute.getKey();