Diffstat (limited to 'modules/authmodule-eIDAS-v2/src/main/java')
8 files changed, 95 insertions, 24 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 70a1e69a..a9125849 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -91,6 +91,9 @@ public class Constants {
       EidasConstants.CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation";
+  public static final String CONIG_PROPS_EIDAS_NODE_NOT_SUPPORT_PRIVATE_SP =
+      EidasConstants.CONIG_PROPS_EIDAS_NODE + ".proxyservices.privatesp.notsupported";
+  
   public static final String CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION =
       EidasConstants.CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm";
   public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX =
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java
index f4c0be67..f1f9a9f6 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java
@@ -36,5 +36,4 @@ public class EidPostProcessingException extends EidasSAuthenticationException {
     super(internalMsgId, params, e);
   }
-
 }
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPreProcessingException.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPreProcessingException.java
new file mode 100644
index 00000000..75e03f21
--- /dev/null
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPreProcessingException.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception;
+
+public class EidPreProcessingException extends EidasSAuthenticationException {
+
+  private static final long serialVersionUID = 6780652273831172456L;
+
+  public EidPreProcessingException(String internalMsgId, Object[] params) {
+    super(internalMsgId, params);
+
+  }
+
+  public EidPreProcessingException(String internalMsgId, Object[] params, Throwable e) {
+    super(internalMsgId, params, e);
+
+  }
+}
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
index 61d5ded2..d97ed807 100644
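Review bot: The new EidPreProcessingException class carries no Javadoc, so a reader cannot tell from the type alone when it is raised as opposed to EidPostProcessingException; a class comment such as `/** Signals a failure while preparing the country-specific eIDAS authentication request (pre-processing stage). */` would make the split explicit. The `internalMsgId` and `params` constructor arguments are passed straight to the superclass and their meaning is not visible here — presumably a message key and its substitution values — so an `@param` line on each constructor pointing to the superclass contract would help. The stray blank line before each constructor's closing brace can also go.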
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
@@ -47,6 +47,7 @@ import com.google.common.collect.ImmutableSortedSet;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ConnectorEidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
@@ -56,6 +57,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
 import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
 import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
 import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
@@ -71,14 +73,18 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
   protected IConfigurationWithSP basicConfig;
   @Override
-  public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) {
+  public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder, String countryCode) 
+      throws EidPreProcessingException {
+    // validate current state 
+    validateSelectionWithState(pendingReq, countryCode);
+    
+    // build country-specific authentication request
     buildLevelOfAssurance(pendingReq.getServiceProviderConfiguration(), authnRequestBuilder);
     buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder);
     buildRequestedAttributes(authnRequestBuilder);
   }
-
   @Override
   public final SimpleEidasData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException,
       EidasAttributeException {
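Review bot: The new `validateSelectionWithState(pendingReq, countryCode)` call cannot restrict anything when `countryCode` is null or empty, because the comparison inside that helper (later in this file, outside this hunk) is an `equalsIgnoreCase` against the configured country list and an empty selection never matches; CcSpecificEidProcessingService explicitly tolerates an empty country for the default pre-processor, so this path looks reachable. If skipping the private-SP restriction for an unselected country is intended, say so where the check is called, e.g. `// an empty country selection is not restricted; the private-SP check applies only to an explicitly selected proxy service`; if it is not, the empty case needs its own handling before the request is built. The enclosing class continues outside the hunk.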
@@ -224,15 +230,8 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
    */
   protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
     final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
-
-    // set correct SPType for requested target sector
-    final String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
-        Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
-        Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
-    final Pattern p = Pattern.compile(publicSectorTargetSelector);
-    final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
-    if (m.matches()) {
-      log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'");
+    if (isPublicServiceProvider(pendingReq)) {
+      log.debug("Map {} to 'PublicSector'", spConfig.getAreaSpecificTargetIdentifier());
       authnRequestBuilder.spType(SpType.PUBLIC.getValue());
       final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
@@ -269,7 +268,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
     }
   }
-  
+    
   /**
   * Build LoA based on Service-Provider configuration.
   *
@@ -361,4 +360,30 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
   }
+  private void validateSelectionWithState(IRequest pendingReq, String countryCode) throws EidPreProcessingException {
+    boolean psNotSupportPrivate = KeyValueUtils.getListOfCsvValues(
+        basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_NOT_SUPPORT_PRIVATE_SP))
+        .stream()
+          .filter(el-> el.equalsIgnoreCase(countryCode))
+          .findFirst()
+          .isPresent();
+          
+    if (!isPublicServiceProvider(pendingReq) && psNotSupportPrivate) {
+      log.warn("Selected country: {} does not support private service providers.", countryCode);
+      throw new EidPreProcessingException("module.eidasauth.07", null);
+      
+    }
+  }
+  
+  private boolean isPublicServiceProvider(IRequest pendingReq) {
+    final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    final String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
+        Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
+        Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
+    final Pattern p = Pattern.compile(publicSectorTargetSelector);
+    final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
+    return m.matches();
+    
+  }
+  
 }
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java
index 79a261fe..b6f67ca8 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java
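Review bot: `validateSelectionWithState` reads the new property through the single-argument `getBasicConfiguration` and hands the result straight to `KeyValueUtils.getListOfCsvValues`; whether that helper tolerates a null/unset value is not visible here, whereas `isPublicServiceProvider` right below uses the two-argument overload with a default. Passing an explicit empty default keeps the unset case well-defined, and the stream chain collapses to one call: `basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_NOT_SUPPORT_PRIVATE_SP, ""))` / `.stream().anyMatch(el -> el.equalsIgnoreCase(countryCode));`. `isPublicServiceProvider` recompiles the configured `Pattern` on every call and is now reached twice per request (here and from buildProviderNameAndRequesterIdAttribute); that is functionally fine, but because this regex alone decides whether the private-SP restriction applies, a Javadoc on both helpers stating that an SP counts as public only when its area-specific target identifier fully matches the configured selector would document the policy boundary, and a selector configured too broadly would classify private SPs as public and bypass the new check.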
@@ -26,8 +26,9 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
 import java.util.Map;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import eu.eidas.auth.commons.light.ILightRequest;
 import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
@@ -76,6 +77,8 @@ public interface INationalEidProcessor {
    *
    * @param pendingReq          current pending request
    * @param authnRequestBuilder eIDAS {@link ILightRequest} builder
+   * @param countryCode of the eID data that should be processed
+   * @throws EidPreProcessingException In case of a pre-processing error
    */
-  void preProcess(IRequest pendingReq, Builder authnRequestBuilder);
+  void preProcess(IRequest pendingReq, Builder authnRequestBuilder, String countryCode) throws EidPreProcessingException;
 }
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java
index bbfcb5ff..620e7a9c 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java
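Review bot: The new `preProcess` declaration keeps the `throws` clause on the signature line, running well past 100 columns, whereas the sibling `ICcSpecificEidProcessingService.preProcess` touched in this same commit wraps it onto a continuation line; wrapping it the same way, `void preProcess(IRequest pendingReq, Builder authnRequestBuilder, String countryCode)` / `    throws EidPreProcessingException;`, keeps the two interfaces consistent. The `@param countryCode` line would also be more useful if it named the origin and the empty case, e.g. `@param countryCode citizen country selected for this request; appears to be empty when the default processor is used`, since CcSpecificEidProcessingService visibly passes an empty selection through.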
@@ -41,6 +41,7 @@ import org.springframework.stereotype.Service;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.INationalEidProcessor;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
@@ -84,7 +85,7 @@ public class CcSpecificEidProcessingService implements ICcSpecificEidProcessingS
   @Override
   public void preProcess(String selectedCitizenCountry, IRequest pendingReq, Builder authnRequestBuilder)
-      throws EidPostProcessingException {
+      throws EidPreProcessingException {
     if (StringUtils.isEmpty(selectedCitizenCountry)) {
       log.info("No CountryCode for eID Pre-Processor. Default Pre-Processor will be used");
     }
@@ -92,14 +93,14 @@ public class CcSpecificEidProcessingService implements ICcSpecificEidProcessingS
     for (final INationalEidProcessor el : handlers) {
       if (el.canHandle(selectedCitizenCountry)) {
         log.debug("Pre-Process eIDAS request for " + selectedCitizenCountry + " by using:  " + el.getName());
-        el.preProcess(pendingReq, authnRequestBuilder);
+        el.preProcess(pendingReq, authnRequestBuilder, selectedCitizenCountry);
         return;
       }
     }
-    log.error("NO eID PostProcessor FOUND. Looks like a depentency problem!");
-    throw new EidPostProcessingException("internal.00", null);
+    log.error("NO eID PreProcessor FOUND. Looks like a depentency problem!");
+    throw new EidPreProcessingException("internal.00", null);
   }
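Review bot: The rewritten error line still carries the typo `depentency`; since the line is touched anyway, `log.error("NO eID PreProcessor FOUND. Looks like a dependency problem!");`. The debug line just above the changed call still assembles its message by string concatenation while the new code in this commit uses `{}` placeholders, so `log.debug("Pre-Process eIDAS request for {} by using: {}", selectedCitizenCountry, el.getName());` would match the surrounding style and avoids building the string when debug logging is off.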
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java
index fb9ba318..85255398 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java
@@ -26,8 +26,9 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.service;
 import java.util.Map;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import eu.eidas.auth.commons.light.ILightRequest;
 import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
@@ -53,9 +54,9 @@ public interface ICcSpecificEidProcessingService {
    * @param selectedCC          Citizen Country from selection
    * @param pendingReq          current pending request
    * @param authnRequestBuilder eIDAS {@link ILightRequest} builder
-   * @throws EidPostProcessingException In case of a pre-processing error
+   * @throws EidPreProcessingException In case of a pre-processing error
    */
   void preProcess(String selectedCC, IRequest pendingReq, Builder authnRequestBuilder)
-      throws EidPostProcessingException;
+      throws EidPreProcessingException;
 }
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
index 535c2958..93e1033d 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
@@ -41,7 +41,7 @@ import at.asitplus.eidas.specific.core.MsConnectorEventCodes;
 import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
 import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
@@ -170,7 +170,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
   @NotNull
   private LightRequest buildEidasAuthnRequest(String citizenCountryCode, String issuer)
-      throws EidPostProcessingException {
+      throws EidPreProcessingException {
     final LightRequest.Builder builder = LightRequest.builder();
     builder.id(UUID.randomUUID().toString());
