Diffstat (limited to 'modules/authmodule-eIDAS-v2/src/main/java')
17 files changed, 297 insertions, 361 deletions
| diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 66848fcc..3c41bf0a 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -23,6 +23,7 @@  package at.asitplus.eidas.specific.modules.auth.eidas.v2; +import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;  import at.gv.egiz.eaaf.core.api.data.EaafConstants;  public class Constants { 
@@ -54,38 +55,36 @@ public class Constants {     */    public static final String DATA_PERSON_MATCH_RESULT = "matching_result"; -  // templates for post-binding forwarding -  public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html"; -  public static final String TEMPLATE_POST_FORWARD_ENDPOINT = "endPoint"; -  public static final String TEMPLATE_POST_FORWARD_TOKEN_NAME = "tokenName"; -  public static final String TEMPLATE_POST_FORWARD_TOKEN_VALUE = "tokenValue"; +    // configuration properties -  public static final String CONIG_PROPS_EIDAS_PREFIX = "auth.eIDAS"; -   +        public static final String CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR = -      CONIG_PROPS_EIDAS_PREFIX + ".workarounds.staging.msconnector.endpoint";   +      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".workarounds.staging.msconnector.endpoint";      public static final String CONIG_PROPS_EIDAS_IS_TEST_IDENTITY =  -      CONIG_PROPS_EIDAS_PREFIX  + ".eid.testidentity.default"; +      EidasConstants.CONIG_PROPS_EIDAS_PREFIX  + ".eid.testidentity.default"; -  public static final String CONIG_PROPS_EIDAS_NODE = CONIG_PROPS_EIDAS_PREFIX + ".node_v2"; +  public static final String CONIG_PROPS_EIDAS_NODE = EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".node_v2";    public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode";    public static final String CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS = CONIG_PROPS_EIDAS_NODE        + ".publicSectorTargets";    public static final String CONIG_PROPS_EIDAS_NODE_ENTITYID = CONIG_PROPS_EIDAS_NODE + ".entityId"; -  public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_URL = CONIG_PROPS_EIDAS_NODE +  public static final String CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL = CONIG_PROPS_EIDAS_NODE        + ".forward.endpoint"; +        public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD = CONIG_PROPS_EIDAS_NODE        + ".forward.method"; +      public static final 
String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_DEFAULT_ONLYNATURAL = -      CONIG_PROPS_EIDAS_NODE + ".attributes.requested.onlynatural"; +      EidasConstants.CONIG_PROPS_EIDAS_NODE + ".attributes.requested.onlynatural";    public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_CC_SPECIFIC_ONLYNATURAL = -      CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural"; +      EidasConstants.CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural";    public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION = -      CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation"; +      EidasConstants.CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation"; +      public static final String CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION = -      CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm"; +      EidasConstants.CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm";    public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX =        CONIG_PROPS_EIDAS_NODE + ".requesterId.lu.useStaticRequesterForAll"; @@ -106,7 +105,8 @@ public class Constants {    // Common SSL client configuration  -  public static final String CONIG_PROPS_EIDAS_COMMON_CLIENT = CONIG_PROPS_EIDAS_PREFIX + ".client.common"; +  public static final String CONIG_PROPS_EIDAS_COMMON_CLIENT =  +      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".client.common";    public static final String CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEYSTORE_PATH = CONIG_PROPS_EIDAS_COMMON_CLIENT        + ".ssl.keyStore.path";    public static final String CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEYSTORE_PASSWORD = CONIG_PROPS_EIDAS_COMMON_CLIENT 
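Review bot: In the `@@ -54,38 +55,36 @@` hunk of Constants.java the node-scoped keys are now built from two different bases: the `CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_*` keys and `CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION` use `EidasConstants.CONIG_PROPS_EIDAS_NODE`, while the country-code, entityId, forward and `..._USE_STATIC_REQUESTERID_FOR_LUX` keys keep the local `CONIG_PROPS_EIDAS_NODE` (prefix + `.node_v2`). The value of `EidasConstants.CONIG_PROPS_EIDAS_NODE` is not visible in this diff; if it is not the same `.node_v2` string, existing `requesterId.useHashedForm` and `attributes.requested.*` settings would no longer be read and the code would fall back to its defaults without any error. I would build every key in this class from one base, e.g. `CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm";`, or add a comment on the local constant stating that both constants resolve to the same prefix.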
@@ -129,15 +129,17 @@ public class Constants {        + ".ssl.trustStore.name";    /** Enable / Disable matching based on address search. **/ -  public static final String CONFIG_PROP_MATCHING_BY_ADDRESS = CONIG_PROPS_EIDAS_PREFIX + ".matching.byaddress.enable"; +  public static final String CONFIG_PROP_MATCHING_BY_ADDRESS = +      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".matching.byaddress.enable";    public static final String CONFIG_PROP_MATCHING_BY_ADDRESS_MAX_RESULTS =  -      CONIG_PROPS_EIDAS_PREFIX + ".matching.byaddress.maxresults"; +      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".matching.byaddress.maxresults";    public static final String DEFAULT_MATCHING_BY_ADDRESS_MAX_RESULTS = "250";     // ZMR Client configuration properties -  public static final String CONIG_PROPS_EIDAS_ZMRCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".zmrclient"; +  public static final String CONIG_PROPS_EIDAS_ZMRCLIENT =  +      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".zmrclient";    public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_ENDPOINT = CONIG_PROPS_EIDAS_ZMRCLIENT        + ".endpoint";    public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_DEBUG_TRACEMESSAGES = CONIG_PROPS_EIDAS_ZMRCLIENT @@ -174,7 +176,8 @@ public class Constants {        + ".ssl.trustStore.name";    // ErnP Client configuration properties -  public static final String CONIG_PROPS_EIDAS_ERNPCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".ernpclient"; +  public static final String CONIG_PROPS_EIDAS_ERNPCLIENT =  +      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".ernpclient";    public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_ENDPOINT = CONIG_PROPS_EIDAS_ERNPCLIENT        + ".endpoint";    public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_PATH = CONIG_PROPS_EIDAS_ERNPCLIENT 
@@ -209,7 +212,8 @@ public class Constants {    // SZR Client configuration properties -  public static final String CONIG_PROPS_EIDAS_SZRCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".szrclient"; +  public static final String CONIG_PROPS_EIDAS_SZRCLIENT =  +      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".szrclient";    public static final String CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE = CONIG_PROPS_EIDAS_SZRCLIENT        + ".useTestService";    public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES = CONIG_PROPS_EIDAS_SZRCLIENT @@ -267,7 +271,7 @@ public class Constants {    public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE =        CONIG_PROPS_EIDAS_SZRCLIENT + ".revisionlog.eidmapping.active"; -  public static final String DEFAULT_MS_NODE_COUNTRY_CODE = "AT"; +      @Deprecated    public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_URL = 
@@ -285,46 +289,12 @@ public class Constants {    // eIDAS request parameters    public static final String eIDAS_REQ_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"; -  // eIDAS attribute names -  public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier"; -  public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth"; -  public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName"; -  public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName"; -  public static final String eIDAS_ATTR_PLACEOFBIRTH = "PlaceOfBirth"; -  public static final String eIDAS_ATTR_BIRTHNAME = "BirthName"; -  public static final String eIDAS_ATTR_CURRENTADDRESS = "CurrentAddress"; -  public static final String eIDAS_ATTR_TAXREFERENCE = "TaxReference"; - -  public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier"; -  public static final String eIDAS_ATTR_LEGALNAME = "LegalName"; - - -  //eIDAS attribute URN -  public static final String eIDAS_ATTRURN_PREFIX = "http://eidas.europa.eu/attributes/"; -  public static final String eIDAS_ATTRURN_PREFIX_NATURAL = eIDAS_ATTRURN_PREFIX + "naturalperson/"; - -  public static final String eIDAS_ATTRURN_PERSONALIDENTIFIER = -      eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PERSONALIDENTIFIER;   -  public static final String eIDAS_ATTRURN_CURRENTGIVENNAME = -      eIDAS_ATTRURN_PREFIX_NATURAL + "CurrentGivenName"; -  public static final String eIDAS_ATTRURN_CURRENTFAMILYNAME = -      eIDAS_ATTRURN_PREFIX_NATURAL + "CurrentFamilyName"; -  public static final String eIDAS_ATTRURN_DATEOFBIRTH = -      eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_DATEOFBIRTH;   -  public static final String eIDAS_ATTRURN_PLACEOFBIRTH = -      eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PLACEOFBIRTH; -  public static final String eIDAS_ATTRURN_BIRTHNAME = -      eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_BIRTHNAME; - -    public static final String eIDAS_REQ_PARAM_SECTOR_PUBLIC = 
"public";    public static final String eIDAS_REQ_PARAM_SECTOR_PRIVATE = "private";    public static final String POLICY_DEFAULT_ALLOWED_TARGETS =        EaafConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", "\\\\+") + ".*"; -  // SAML2 Constants -  public static final String SUCCESS_URI = "urn:oasis:names:tc:SAML:2.0:status:Success";    public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION = "30"; // seconds    public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE = "60"; // seconds diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java index d3cac80c..e3600329 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java @@ -40,7 +40,7 @@ import org.springframework.web.bind.annotation.RequestMethod;  import com.google.common.collect.ImmutableSortedSet;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;  import at.gv.egiz.eaaf.core.exceptions.EaafException;  import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;  import eu.eidas.auth.commons.EidasParameterKeys; diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java index 119a7c60..a847a519 100644 
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
@@ -65,6 +65,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenti
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ErnpRestCommunicationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.VersionHolder;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.bmi.namespace.zmr_su.base._20040201_.ServiceFault;
 import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasSuchdatenType;
 import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest;
@@ -104,7 +105,7 @@ public class ErnpRestClient implements IErnpClient {
   //    "ERnP anwser for transaction: {0} with code: {1} and message: {2}";
   private static final String PROCESS_SEARCH_PERSONAL_IDENTIFIER =
-      "Searching " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER;
+      "Searching " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER;
   private static final String PROCESS_SEARCH_MDS_ONLY = "Searching with MDS only";
   private static final String PROCESS_SEARCH_COUNTRY_SPECIFIC = "Searching {0} specific";
@@ -139,7 +140,7 @@ public class ErnpRestClient implements IErnpClient {
       // build search request
       final SuchEidas eidasInfos = new SuchEidas();
-      eidasInfos.setArt(Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER);
+      eidasInfos.setArt(EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER);
       eidasInfos.setWert(personIdentifier);
       eidasInfos.setStaatscode2(citizenCountryCode);
@@ -427,15 +428,15 @@ public class ErnpRestClient implements IErnpClient {
     // build result
     return RegisterResult.builder()
         .pseudonym(selectAllEidasDocument(person, citizenCountryCode,
-            Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
+            EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
         .familyName(person.getPersonendaten().getFamilienname())
         .givenName(person.getPersonendaten().getVorname())
         .dateOfBirth(getTextualBirthday(person.getPersonendaten().getGeburtsdatum()))
         .bpk(person.getPersonendaten().getBpkZp())
         .placeOfBirth(selectSingleEidasDocument(person, citizenCountryCode,
-            Constants.eIDAS_ATTRURN_PLACEOFBIRTH))
+            EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH))
         .birthName(selectSingleEidasDocument(person, citizenCountryCode,
-            Constants.eIDAS_ATTRURN_BIRTHNAME))
+            EidasConstants.eIDAS_ATTRURN_BIRTHNAME))
         .build();
   }
@@ -501,11 +502,11 @@ public class ErnpRestClient implements IErnpClient {
     //TODO: maybe we should re-factor SimpleEidasData to a generic data-model to facilitate arbitrary eIDAS attributes  
     Set<Eidas> result = new HashSet<>();   
     addEidasDocumentIfNotAvailable(result, ernpPersonToKitt, eidData.getCitizenCountryCode(), 
-        Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER, eidData.getPseudonym(), true);    
+        EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER, eidData.getPseudonym(), true);    
     addEidasDocumentIfNotAvailable(result, ernpPersonToKitt, eidData.getCitizenCountryCode(), 
-        Constants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth(), false);
+        EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth(), false);
     addEidasDocumentIfNotAvailable(result, ernpPersonToKitt, eidData.getCitizenCountryCode(), 
-        Constants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName(), false);
+        EidasConstants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName(), false);
     return result;
@@ -596,17 +597,17 @@ public class ErnpRestClient implements IErnpClient {    private void buildNewEidasDocumens(PersonAnlegen ernpReq, SimpleEidasData eidData) {      ernpReq.addEidasItem(buildNewEidasDocument(eidData.getCitizenCountryCode(),  -        Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER, eidData.getPseudonym())); +        EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER, eidData.getPseudonym()));      if (StringUtils.isNotEmpty(eidData.getPlaceOfBirth())) {        ernpReq.addEidasItem(buildNewEidasDocument(eidData.getCitizenCountryCode(), -          Constants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth())); +          EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth()));      }      if (StringUtils.isNotEmpty(eidData.getBirthName())) {        ernpReq.addEidasItem(buildNewEidasDocument(eidData.getCitizenCountryCode(),  -          Constants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName())); +          EidasConstants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName()));      }            } diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java index 8dbd0632..904afc37 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java 
@@ -31,6 +31,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenti
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ZmrCommunicationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.VersionHolder;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.bmi.namespace.zmr_su.base._20040201.ClientInfoType;
 import at.gv.bmi.namespace.zmr_su.base._20040201.Organisation;
 import at.gv.bmi.namespace.zmr_su.base._20040201.RequestType;
@@ -95,7 +96,7 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
   private static final String PROCESS_TASK_UPDATE = "ZPR_VO_Person_aendern";
   private static final String PROCESS_SEARCH_PERSONAL_IDENTIFIER = 
-      "Searching " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER;
+      "Searching " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER;
   private static final String PROCESS_SEARCH_MDS_ONLY = "Searching with MDS only";
   private static final String PROCESS_SEARCH_COUNTRY_SPECIFIC = "Searching {0} specific";
   private static final String PROCESS_SEARCH_BY_RESIDENCE = "Searching by residence";
@@ -133,7 +134,7 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
       req.setPersonSuchenRequest(searchPersonReq);
       final EidasSuchdatenType eidasInfos = new EidasSuchdatenType();
       searchPersonReq.getEidasSuchdaten().add(eidasInfos);
-      eidasInfos.setEidasArt(Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER);
+      eidasInfos.setEidasArt(EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER);
       eidasInfos.setEidasWert(personPseudonym);
       eidasInfos.setStaatscode2(citizenCountryCode);
@@ -589,15 +590,15 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
     // build result
     return RegisterResult.builder()
         .pseudonym(selectAllEidasDocument(person, citizenCountryCode,
-            Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
+            EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
         .familyName(person.getNatuerlichePerson().getPersonenName().getFamilienname())
         .givenName(person.getNatuerlichePerson().getPersonenName().getVorname())
         .dateOfBirth(person.getNatuerlichePerson().getGeburtsdatum())
         .bpk(extractBpkZp(person.getNatuerlichePerson()))
         .placeOfBirth(selectSingleEidasDocument(person, citizenCountryCode,
-            Constants.eIDAS_ATTRURN_PLACEOFBIRTH))
+            EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH))
         .birthName(selectSingleEidasDocument(person, citizenCountryCode,
-            Constants.eIDAS_ATTRURN_BIRTHNAME))        
+            EidasConstants.eIDAS_ATTRURN_BIRTHNAME))        
         .build();
   }
@@ -765,19 +766,19 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {      //TODO: maybe we should re-factor SimpleEidasData to a generic data-model to facilitate arbitrary eIDAS attributes        Set<EidasIdentitaetAnlageType> result = new HashSet<>();         addEidasDocumentIfNotAvailable(result, zmrPersonToKitt, eidData.getCitizenCountryCode(),  -        Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER, eidData.getPseudonym(), true);     +        EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER, eidData.getPseudonym(), true);          addEidasDocumentIfNotAvailable(result, zmrPersonToKitt, eidData.getCitizenCountryCode(),  -        Constants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth(), false); +        EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth(), false);      addEidasDocumentIfNotAvailable(result, zmrPersonToKitt, eidData.getCitizenCountryCode(),  -        Constants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName(), false); +        EidasConstants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName(), false);      // add MDS attributes as 'eIDAS-Documents' too, because ZMR does not allow a MDS update on regular places.      
addEidasDocumentIfNotAvailable(result, zmrPersonToKitt, eidData.getCitizenCountryCode(),  -        Constants.eIDAS_ATTRURN_CURRENTGIVENNAME, eidData.getGivenName(), false); +        EidasConstants.eIDAS_ATTRURN_CURRENTGIVENNAME, eidData.getGivenName(), false);      addEidasDocumentIfNotAvailable(result, zmrPersonToKitt, eidData.getCitizenCountryCode(),  -        Constants.eIDAS_ATTRURN_CURRENTFAMILYNAME, eidData.getFamilyName(), false); +        EidasConstants.eIDAS_ATTRURN_CURRENTFAMILYNAME, eidData.getFamilyName(), false);      addEidasDocumentIfNotAvailable(result, zmrPersonToKitt,  eidData.getCitizenCountryCode(),  -        Constants.eIDAS_ATTRURN_DATEOFBIRTH, eidData.getDateOfBirth(), false); +        EidasConstants.eIDAS_ATTRURN_DATEOFBIRTH, eidData.getDateOfBirth(), false);      return result; diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java index 60138027..8716f80d 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java @@ -31,6 +31,7 @@ import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasRespon  import java.nio.charset.StandardCharsets;  import java.security.MessageDigest;  import java.security.NoSuchAlgorithmException; +import java.util.Arrays;  import java.util.Base64;  import java.util.Map;  import java.util.regex.Matcher; 
@@ -47,8 +48,9 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ConnectorEidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
@@ -64,7 +66,7 @@ import lombok.extern.slf4j.Slf4j;
 public abstract class AbstractEidProcessor implements INationalEidProcessor {
   @Autowired
-  protected EidasAttributeRegistry attrRegistry;
+  protected ConnectorEidasAttributeRegistry attrRegistry;
   @Autowired
   protected IConfigurationWithSP basicConfig;
@@ -80,28 +82,31 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {    @Override    public final SimpleEidasData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException,        EidasAttributeException { +      SimpleEidasData.SimpleEidasDataBuilder builder = SimpleEidasData.builder()          .personalIdentifier(EidasResponseUtils.processPersonalIdentifier( -            eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))) +            eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER)))          // MDS attributes -        .citizenCountryCode(processCountryCode(eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))) -        .pseudonym(processPseudonym(eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))) -        .familyName(processFamilyName(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))) -        .givenName(processGivenName(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME))) -        .dateOfBirth(processDateOfBirthToString(eidasAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH))) +        .citizenCountryCode(processCountryCode(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER))) +        .pseudonym(processPseudonym(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER))) +        .familyName(processFamilyName(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME))) +        .givenName(processGivenName(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME))) +        .dateOfBirth(processDateOfBirthToString(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_DATEOFBIRTH)))          // additional attributes -        .placeOfBirth(processPlaceOfBirth(eidasAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH))) -        .birthName(processBirthName(eidasAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME))) -        .address(processAddress(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS))); +        
.placeOfBirth(processPlaceOfBirth(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PLACEOFBIRTH))) +        .birthName(processBirthName(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_BIRTHNAME))) +        .address(processAddress(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_CURRENTADDRESS))); -    if (eidasAttrMap.containsKey(Constants.eIDAS_ATTR_TAXREFERENCE)) { -      builder.taxNumber(EidasResponseUtils.processTaxReference(eidasAttrMap.get(Constants.eIDAS_ATTR_TAXREFERENCE))); +    if (eidasAttrMap.containsKey(EidasConstants.eIDAS_ATTR_TAXREFERENCE)) { +      builder.taxNumber(EidasResponseUtils.processTaxReference( +          eidasAttrMap.get(EidasConstants.eIDAS_ATTR_TAXREFERENCE)));      }      return builder.build(); +    } @@ -124,6 +129,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {    protected PostalAddressType processAddress(Object currentAddressObj) throws EidPostProcessingException,        EidasAttributeException {      return EidasResponseUtils.processAddress(currentAddressObj); +        }    /** @@ -137,6 +143,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {    protected String processBirthName(Object birthNameObj) throws EidPostProcessingException,        EidasAttributeException {      return EidasResponseUtils.processBirthName(birthNameObj); +    }    /** @@ -150,6 +157,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {    protected String processPlaceOfBirth(Object placeOfBirthObj) throws EidPostProcessingException,        EidasAttributeException {      return EidasResponseUtils.processPlaceOfBirth(placeOfBirthObj); +    }    /** @@ -163,6 +171,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {    protected DateTime processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException,        EidasAttributeException {      return EidasResponseUtils.processDateOfBirth(dateOfBirthObj); +    }    /** 
@@ -176,6 +185,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {    protected String processGivenName(Object givenNameObj) throws EidPostProcessingException,        EidasAttributeException {      return EidasResponseUtils.processGivenName(givenNameObj); +    }    /** @@ -189,6 +199,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {    protected String processFamilyName(Object familyNameObj) throws EidPostProcessingException,        EidasAttributeException {      return EidasResponseUtils.processFamilyName(familyNameObj); +    }    /** @@ -202,13 +213,14 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {    protected String processPseudonym(Object personalIdObj) throws EidPostProcessingException,        EidasAttributeException {      return EidasResponseUtils.processPseudonym(personalIdObj); +    }    /**     * Set ProviderName and RequestId into eIDAS AuthnRequest.     *      * @param pendingReq Current pendingRequest -   * @param authnRequestBuilder AuthnREquest builer +   * @param authnRequestBuilder AuthnRequest builder     */    protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) {      final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); 
@@ -258,6 +270,37 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {      }    } +  /** +   * Build LoA based on Service-Provider configuration. +   *  +   * @param spConfig Current SP configuration +   * @param authnRequestBuilder AuthnRequest builder +   */ +  protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) { +    // TODO: set matching mode if eIDAS ref. impl. support this method + +    // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA +    // schemes +    String loa = EaafConstants.EIDAS_LOA_HIGH; +    if (spConfig.getRequiredLoA() != null) { +      if (spConfig.getRequiredLoA().isEmpty()) { +        log.info("No eIDAS LoA requested. Use LoA HIGH as default"); +      } else { +        if (spConfig.getRequiredLoA().size() > 1) { +          log.info( +              "Currently only ONE requested LoA is supported for service provider. Use first one ... "); +        } + +        loa = spConfig.getRequiredLoA().get(0); + +      } +    } + +    log.debug("Request eIdAS node with LoA: " + loa); +    authnRequestBuilder.levelsOfAssuranceValues(Arrays.asList(loa)); +     +  } +      private String generateRequesterId(String requesterId) {      if (requesterId != null && basicConfig.getBasicConfigurationBoolean(          Constants.CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION, true)) {             
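Review bot: `buildLevelOfAssurance` takes `spConfig.getRequiredLoA().get(0)` when the service provider lists several LoAs and reports that only at `info`; whether the list is ordered strongest-first is not visible in this hunk, so the AuthnRequest may carry a weaker level than the SP's policy intends. I would log that branch at `warn` and state the selection rule in the new Javadoc, for example `Only the first configured LoA is requested; HIGH is used when none is configured.` The chosen value is also handed to `levelsOfAssuranceValues(Arrays.asList(loa))` without being checked against the known eIDAS LoA identifiers, so a mistyped SP setting would only surface at the eIDAS node. The debug line could use the parameterized form `log.debug("Request eIdAS node with LoA: {}", loa);` instead of string concatenation.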
@@ -302,7 +345,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
     final ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder();
     for (final Map.Entry<String, Boolean> attribute : requiredAttributes.entrySet()) {
       final String name = attribute.getKey();
-      final ImmutableSortedSet<AttributeDefinition<?>> byFriendlyName = attrRegistry
+      final ImmutableSortedSet<AttributeDefinition<?>> byFriendlyName = attrRegistry.getCoreRegistry()
           .getCoreAttributeRegistry().getByFriendlyName(name);
       if (!byFriendlyName.isEmpty()) {
         final AttributeDefinition<?> attributeDefinition = byFriendlyName.first();
@@ -318,30 +361,4 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
   }
-  protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {
-
-    // TODO: set matching mode if eIDAS ref. impl. support this method
-
-    // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA
-    // schemes
-    String loa = EaafConstants.EIDAS_LOA_HIGH;
-    if (spConfig.getRequiredLoA() != null) {
-      if (spConfig.getRequiredLoA().isEmpty()) {
-        log.info("No eIDAS LoA requested. Use LoA HIGH as default");
-      } else {
-        if (spConfig.getRequiredLoA().size() > 1) {
-          log.info(
-              "Currently only ONE requested LoA is supported for service provider. Use first one ... ");
-        }
-
-        loa = spConfig.getRequiredLoA().get(0);
-
-      }
-    }
-
-    log.debug("Request eIdAS node with LoA: " + loa);
-    authnRequestBuilder.levelOfAssurance(loa);
-
-  }
-
 }
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeEidProcessor.java
index 6dc08181..2c1e8fdd 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeEidProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeEidProcessor.java
@@ -32,10 +32,10 @@ import org.apache.commons.codec.binary.Hex;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.egiz.eaaf.core.impl.data.Triple;
@@ -70,15 +70,15 @@ public class DeEidProcessor extends AbstractEidProcessor {
   protected String processPseudonym(Object uniqeIdentifierObj) throws EidPostProcessingException,
       EidasAttributeException {
     if (uniqeIdentifierObj == null || !(uniqeIdentifierObj instanceof String)) {
-      throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);
     }
     final Triple<String, String, String> eIdentifier =
         EidasResponseUtils.parseEidasPersonalIdentifier((String) uniqeIdentifierObj);
-    log.trace(getName() + " starts processing of attribute: " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+    log.trace(getName() + " starts processing of attribute: " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);
     final String result = convertDeIdentifier(eIdentifier.getThird());
-    log.debug(getName() + " finished processing of attribute: " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+    log.debug(getName() + " finished processing of attribute: " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);
     return result;
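Review bot: In `processPseudonym` the result of `EidasResponseUtils.parseEidasPersonalIdentifier(...)` is dereferenced by `eIdentifier.getThird()` without a null check, while the `EidasResponseUtils` hunk on this page shows that method returning `null` when the identifier fails validation. A malformed personal identifier in the eIDAS response would then surface as a NullPointerException rather than the `EidasAttributeException` this method declares. A guard directly after the parse call keeps the failure typed: `if (eIdentifier == null) { throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER); }`. The closing lines of the method are outside the hunk.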
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java
index e05fe86b..64db9eed 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java
@@ -27,6 +27,7 @@ import org.apache.commons.lang3.StringUtils;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasSuchdatenType;
 import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest;
 import at.gv.e_government.reference.namespace.persondata.de._20040201.NatuerlichePersonTyp;
@@ -62,9 +63,9 @@ public class DeSpecificDetailSearchProcessor implements CountrySpecificDetailSea
     //add addtional eIDAS attributes from DE
     req.getEidasSuchdaten().add(buildEidasSuchData(
-        Constants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth()));
+        EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth()));
     req.getEidasSuchdaten().add(buildEidasSuchData(
-        Constants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName()));
+        EidasConstants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName()));
     return req;
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java
index b5493edb..bbfcb5ff 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java
@@ -32,7 +32,6 @@ import java.util.Map.Entry;
 import javax.annotation.PostConstruct;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -40,11 +39,12 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.INationalEidProcessor;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.impl.data.Triple;
 import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
@@ -107,9 +107,9 @@ public class CcSpecificEidProcessingService implements ICcSpecificEidProcessingS
   public SimpleEidasData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException,
       EidasAttributeException {
     // extract citizen country from eIDAS unique identifier
-    final Object eIdentifierObj = eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+    final Object eIdentifierObj = eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);
     if (eIdentifierObj == null || !(eIdentifierObj instanceof String)) {
-      throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);
     }
     final Triple<String, String, String> eIdentifier =
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ConnectorEidasAttributeRegistry.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ConnectorEidasAttributeRegistry.java
new file mode 100644
index 00000000..8a120093
--- /dev/null
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ConnectorEidasAttributeRegistry.java
@@ -0,0 +1,107 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.service;
+
+import java.text.MessageFormat;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.lang.NonNull;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import lombok.Getter;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class ConnectorEidasAttributeRegistry {
+
+  @Autowired IConfigurationWithSP basicConfig;
+  
+  @Getter
+  private EidasAttributeRegistry coreRegistry;
+  
+  /**
+   * Attribute Registry for eIDAS Connector implementation.
+   * @param registry Core attribute registry
+   */
+  public ConnectorEidasAttributeRegistry(@Autowired EidasAttributeRegistry registry) {
+    this.coreRegistry = registry;
+        
+  }
+  
+  
+  /**
+   * Get Map of attributes that are requested by default.
+   * 
+   * @return Map of AttributeIdentifier, isRequired flag
+   */
+  @NonNull
+  public Map<String, Boolean> getDefaultAttributeSetFromConfiguration() {
+    /*
+     * TODO: select set for representation if mandates should be used. It's an open
+     * task in respect to requested eIDAS attributes and isRequired flag, because
+     * there can be a decision problem in case of natural or legal person
+     * representation! From an Austrian use-case point of view, an Austrian service
+     * provider can support mandates for natural and legal persons at the same time.
+     * However, we CAN NOT request attributes for natural AND legal persons on the
+     * same time, because it's not possible to represent both simultaneously.
+     */
+    final Map<String, String> configAttributes =
+        basicConfig.getBasicConfigurationWithPrefix(
+            Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_DEFAULT_ONLYNATURAL);
+    return processAttributeInfosFromConfig(configAttributes);
+
+  }
+
+  /**
+   * Get a Map of attributes that are additionally requested for a specific country.
+   * 
+   * @param countryCode Country Code
+   * @return Map of AttributeIdentifier, isRequired flag
+   */
+  @NonNull
+  public Map<String, Boolean> getAttributeSetFromConfiguration(String countryCode) {
+
+    /*
+     * TODO: select set for representation if mandates should be used. It's an open
+     * task in respect to requested eIDAS attributes and isRequired flag, because
+     * there can be a decision problem in case of natural or legal person
+     * representation! From an Austrian use-case point of view, an Austrian service
+     * provider can support mandates for natural and legal persons at the same time.
+     * However, we CAN NOT request attributes for natural AND legal persons on the
+     * same time, because it's not possible to represent both simultaneously.
+     */
+    final Map<String, String> configAttributes =
+        basicConfig.getBasicConfigurationWithPrefix(
+            MessageFormat.format(
+                Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_CC_SPECIFIC_ONLYNATURAL,
+                countryCode.toLowerCase()));
+    return processAttributeInfosFromConfig(configAttributes);
+
+  }
+  
+  private Map<String, Boolean> processAttributeInfosFromConfig(Map<String, String> configAttributes) {
+
+    final Map<String, Boolean> result = new HashMap<>();
+    for (final String el : configAttributes.values()) {
+      if (StringUtils.isNotEmpty(el.trim())) {
+        final List<String> attrDef = KeyValueUtils.getListOfCsvValues(el.trim());
+        boolean isRequired = false;
+        if (attrDef.size() == 2) {
+          isRequired = Boolean.parseBoolean(attrDef.get(1));
+        }
+
+        result.put(attrDef.get(0), isRequired);
+
+      }
+    }
+
+    log.trace("Load #" + result.size() + " requested attributes from configuration");
+    return result;
+
+  }
+}
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java
deleted file mode 100644
index e73491ab..00000000
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java
+++ /dev/null
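Review bot: `getAttributeSetFromConfiguration` builds the configuration prefix from `countryCode.toLowerCase()`, which depends on the JVM default locale and throws on a null argument. Under a Turkish default locale an upper-case `I` lower-cases to a dotless `ı`, so the prefix for affected country codes would not match the configured key and the country-specific attribute set would silently come back empty. `countryCode.toLowerCase(Locale.ROOT)` with `import java.util.Locale;` removes the locale dependency; where `countryCode` originates is not visible here, so a null guard before the call is worth considering as well. In `processAttributeInfosFromConfig`, an entry with more than two CSV values leaves `isRequired` at `false` without any log line, which would be easy to miss in a misconfiguration.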
@@ -1,180 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.service;
-
-import java.io.File;
-import java.text.MessageFormat;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.annotation.PostConstruct;
-
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.lang.NonNull;
-import org.springframework.stereotype.Service;
-
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
-import eu.eidas.auth.commons.attribute.AttributeRegistries;
-import eu.eidas.auth.commons.attribute.AttributeRegistry;
-
-@Service("attributeRegistry")
-public class EidasAttributeRegistry {
-  private static final Logger log = LoggerFactory.getLogger(EidasAttributeRegistry.class);
-  @Autowired
-  private IConfigurationWithSP basicConfig;
-
-  private AttributeRegistry coreAttributeRegistry;
-
-  private String eidasAttributesFile;
-  private String additionalAttributesFile;
-
-  @PostConstruct
-  private void initialize() throws RuntimeException {
-    try {
-      if (eidasAttributesFile.isEmpty()) {
-        log.error("Basic eIDAS addribute definition NOT defined");
-        throw new EaafConfigurationException("config.30",
-            new Object[] { "eidas-attributes.xml" });
-
-      }
-
-      boolean additionalAttrAvailabe = false;
-      if (!additionalAttributesFile.isEmpty()) {
-        final File file = new File(additionalAttributesFile);
-        if (file.exists()) {
-          additionalAttrAvailabe = true;
-        }
-
-      }
-
-      if (!additionalAttrAvailabe) {
-        log.info("Start eIDAS ref. impl. Core without additional eIDAS attribute definitions ... ");
-        coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null);
-
-      } else {
-        // load attribute definitions
-        log.info("Start eIDAS ref. impl. Core with additional eIDAS attribute definitions ... ");
-        coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null,
-            additionalAttributesFile);
-
-      }
-
-    } catch (final Throwable e) {
-      log.error("Can NOT initialize eIDAS attribute definition.", e);
-      throw new RuntimeException("Can NOT initialize eIDAS attribute definition.", e);
-
-    }
-  }
-
-  public AttributeRegistry getCoreAttributeRegistry() {
-    return coreAttributeRegistry;
-  }
-
-  /**
-   * Get Map of attributes that are requested by default.
-   * 
-   * @return Map of AttributeIdentifier, isRequired flag
-   */
-  @NonNull
-  public Map<String, Boolean> getDefaultAttributeSetFromConfiguration() {
-    /*
-     * TODO: select set for representation if mandates should be used. It's an open
-     * task in respect to requested eIDAS attributes and isRequired flag, because
-     * there can be a decision problem in case of natural or legal person
-     * representation! From an Austrian use-case point of view, an Austrian service
-     * provider can support mandates for natural and legal persons at the same time.
-     * However, we CAN NOT request attributes for natural AND legal persons on the
-     * same time, because it's not possible to represent both simultaneously.
-     */
-    final Map<String, String> configAttributes =
-        basicConfig.getBasicConfigurationWithPrefix(
-            Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_DEFAULT_ONLYNATURAL);
-    return processAttributeInfosFromConfig(configAttributes);
-
-  }
-
-  /**
-   * Get a Map of attributes that are additionally requested for a specific country.
-   * 
-   * @param countryCode Country Code
-   * @return Map of AttributeIdentifier, isRequired flag
-   */
-  @NonNull
-  public Map<String, Boolean> getAttributeSetFromConfiguration(String countryCode) {
-
-    /*
-     * TODO: select set for representation if mandates should be used. It's an open
-     * task in respect to requested eIDAS attributes and isRequired flag, because
-     * there can be a decision problem in case of natural or legal person
-     * representation! From an Austrian use-case point of view, an Austrian service
-     * provider can support mandates for natural and legal persons at the same time.
-     * However, we CAN NOT request attributes for natural AND legal persons on the
-     * same time, because it's not possible to represent both simultaneously.
-     */
-    final Map<String, String> configAttributes =
-        basicConfig.getBasicConfigurationWithPrefix(
-            MessageFormat.format(
-                Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_CC_SPECIFIC_ONLYNATURAL,
-                countryCode.toLowerCase()));
-    return processAttributeInfosFromConfig(configAttributes);
-
-  }
-
-  private Map<String, Boolean> processAttributeInfosFromConfig(Map<String, String> configAttributes) {
-
-    final Map<String, Boolean> result = new HashMap<>();
-    for (final String el : configAttributes.values()) {
-      if (StringUtils.isNotEmpty(el.trim())) {
-        final List<String> attrDef = KeyValueUtils.getListOfCsvValues(el.trim());
-        boolean isRequired = false;
-        if (attrDef.size() == 2) {
-          isRequired = Boolean.parseBoolean(attrDef.get(1));
-        }
-
-        result.put(attrDef.get(0), isRequired);
-
-      }
-    }
-
-    log.trace("Load #" + result.size() + " requested attributes from configuration");
-    return result;
-
-  }
-
-  public void setEidasAttributesFile(String eidasAttributesFile) {
-    this.eidasAttributesFile = eidasAttributesFile;
-  }
-
-  public void setAdditionalAttributesFile(String additionalAttributesFile) {
-    this.additionalAttributesFile = additionalAttributesFile;
-  }
-
-}
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index f3e2adc4..2379f39e 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -146,6 +146,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
     }
   }
+
   private void storeGenericInfoToSession(SimpleEidasData eidData) throws EaafStorageException {
     AuthProcessDataWrapper authProcessData = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq);
     authProcessData.setForeigner(true);
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
index 849f8136..535c2958 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
@@ -44,6 +44,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
@@ -122,7 +123,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
       final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);
       workaroundRelayState(lightAuthnReq);
       final String forwardUrl = selectForwardUrl(environment);
-
+      
       String configValue = basicConfig.getBasicConfiguration(
           Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD, Constants.FORWARD_METHOD_GET);
       boolean useHttpRedirect = configValue.equals(Constants.FORWARD_METHOD_GET);
@@ -131,6 +132,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
       } else {
         sendPost(request, response, tokenBase64, forwardUrl);
+
       }
       revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.EIDAS_NODE_CONNECTED, lightAuthnReq.getId());
@@ -212,19 +214,20 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
   @NotNull
   private String selectForwardUrl(String environment) throws EaafConfigurationException {
-    String result = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL);
+    String result = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL);
     if (StringUtils.isNotEmpty(environment)) {
       result = selectedForwardUrlForEnvironment(environment);
     }
     if (StringUtils.isEmpty(result)) {
       log.warn("NO ForwardURL defined in configuration. Can NOT forward to eIDAS node! Process stops");
       throw new EaafConfigurationException("config.08", new Object[]{
-          environment == null ? Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL
-              : Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + "." + environment
+          environment == null ? Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL
+              : Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL + "." + environment
       });
     }
     log.debug("ForwardURL: {} selected to forward eIDAS request", result);
     return result;
+    
   }
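Review bot: The forward-endpoint key is now read through two different classes: `selectForwardUrl` in this hunk uses `Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL`, while `selectedForwardUrlForEnvironment` in the following hunk uses `EidasConstants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL`. The `EidasConstants` definition is not on this page, so it cannot be confirmed that both resolve to the same property. If they differ, the default path and the explicitly selected production path would send the light token to endpoints read from different keys, and the `config.08` message would name a key the environment branch never read. Referencing a single constant in both methods removes the doubt, for example `String result = basicConfig.getBasicConfiguration(EidasConstants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL);` here and the same class in the exception arguments.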
@@ -256,19 +259,27 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
   private String selectedForwardUrlForEnvironment(String environment) {
     log.trace("Starting endpoint selection process for environment: {} ... ", environment);
     if (environment.equalsIgnoreCase(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION)) {
-      return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL);
+      return basicConfig.getBasicConfiguration(EidasConstants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL);
+
     } else if (environment.equalsIgnoreCase(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS)) {
-      return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL
+      return basicConfig.getBasicConfiguration(EidasConstants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL
           + "." + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS);
-    } else if (environment.equalsIgnoreCase(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING)) {
-      return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL
+      
+    } else if (environment.equalsIgnoreCase(
+        MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING)) {
+      return basicConfig.getBasicConfiguration(EidasConstants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL
           + "." + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING);
-    } else if (environment.equalsIgnoreCase(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT)) {
-      return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL
+      
+    } else if (environment.equalsIgnoreCase(
+        MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT)) {
+      return basicConfig.getBasicConfiguration(EidasConstants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL
           + "." + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT);
+      
     }
+    
     log.info("Environment selector: {} is not supported", environment);
     return null;
+    
   }
   private void sendRedirect(HttpServletResponse response, String tokenBase64, String forwardUrl) throws IOException {
@@ -283,11 +294,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
       throws GuiBuildException {
     log.debug("Use http-post for eIDAS node forwarding ...  ");
     final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration(
-        basicConfig, pendingReq, Constants.TEMPLATE_POST_FORWARD_NAME, null, resourceLoader);
-    config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardUrl);
+        basicConfig, pendingReq, EidasConstants.TEMPLATE_POST_FORWARD_NAME, null, resourceLoader);
+    config.putCustomParameter(null, EidasConstants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardUrl);
     String token = EidasParameterKeys.TOKEN.toString();
-    config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME, token);
-    config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, tokenBase64);
+    config.putCustomParameter(null, EidasConstants.TEMPLATE_POST_FORWARD_TOKEN_NAME, token);
+    config.putCustomParameter(null, EidasConstants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, tokenBase64);
     guiBuilder.build(request, response, config, "Forward to eIDASNode form");
   }
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
index 09ef0129..403c3355 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
@@ -158,6 +158,7 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractLocaleAuthS
       } else {
         log.debug("Find single match by using residence information. Starting data validation ... ");
         compareSearchResultWithInitialData(residencyResult, eidasData);
+        executionContext.put(TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, false);
       }
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java
index d2bd0128..ac70a2ac 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java
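Review bot: The added `executionContext.put(TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, false);` changes the process flow of the matching step but carries no comment, and it sits in a commit whose other hunks on this page mostly move constants and adjust whitespace. Judging by the name it presumably keeps the flow from returning to the residence query form once the single match has been validated; a one-line comment would make that intent reviewable, e.g. `// single match validated: do not return to the residence query GUI`. Whether the other branches of this `if`/`else` set the flag consistently cannot be checked here, because the enclosing method starts and ends outside the hunk.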
@@ -39,8 +39,9 @@ import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.validator.EidasResponseValidator;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
@@ -135,7 +136,7 @@ public class ReceiveAuthnResponseAlternativeTask extends AbstractAuthServletTask
   }
   private void checkStatusCode(ILightResponse eidasResponse) throws EidasSAuthenticationException {
-    if (!eidasResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) {
+    if (!eidasResponse.getStatus().getStatusCode().equals(EidasConstants.SUCCESS_URI)) {
       log.info("Receive eIDAS Response with StatusCode: {} Subcode: {} Msg: {}",
           eidasResponse.getStatus().getStatusCode(),
           eidasResponse.getStatus().getSubStatusCode(),
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
index 5e4075de..a16da17f 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
@@ -40,8 +40,9 @@ import at.asitplus.eidas.specific.core.MsEidasNodeConstants;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.validator.EidasResponseValidator; +import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants; +import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;  import at.gv.egiz.eaaf.core.api.idp.IConfiguration;  import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;  import at.gv.egiz.eaaf.core.exceptions.EaafException; @@ -162,17 +163,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {      return eidasResponse;    } +    private void checkStatusCode(ILightResponse eidasResponse) throws EidasSAuthenticationException { -    if (!eidasResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) { +    if (!eidasResponse.getStatus().getStatusCode().equals(EidasConstants.SUCCESS_URI)) {        log.info("Receive eIDAS Response with StatusCode: {} Subcode: {} Msg: {}",            eidasResponse.getStatus().getStatusCode(),            eidasResponse.getStatus().getSubStatusCode(),            eidasResponse.getStatus().getStatusMessage());        throw new EidasSAuthenticationException("eidas.02", new Object[]{eidasResponse.getStatus()            .getStatusCode(), eidasResponse.getStatus().getStatusMessage()}); +            }    } +    private void validateMsSpecificResponse(ExecutionContext executionContext, ILightResponse eidasResponse)        throws EidasValidationException {      final String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); 
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java index 2853d8ab..91a6ce42 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java @@ -38,8 +38,8 @@ import org.joda.time.DateTime;  import com.google.common.collect.ImmutableList;  import com.google.common.collect.ImmutableSet; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;  import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;  import at.gv.egiz.eaaf.core.impl.data.Triple;  import eu.eidas.auth.commons.attribute.AttributeDefinition; @@ -84,8 +84,9 @@ public class EidasResponseUtils {     */    public static Triple<String, String, String> parseEidasPersonalIdentifier(String uniqueID) {      if (!validateEidasPersonalIdentifier(uniqueID)) { -      log.error("eIDAS attribute value for {} looks wrong formated. Value: {}", -          Constants.eIDAS_ATTR_PERSONALIDENTIFIER, uniqueID); +      log.error("eIDAS attribute value for {} looks wrong formated. Value: {}",  +          EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, uniqueID); +        return null;      } 
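Review bot: The `log.error` call in `parseEidasPersonalIdentifier` writes `uniqueID` to the log in full. At that point the value has just failed `validateEidasPersonalIdentifier`, so it is both a personal identifier and unchecked input from the response. Consider logging only that the format check failed, e.g. `log.error("eIDAS attribute value for {} has an invalid format", EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);`, or a length-limited form with control characters removed if support staff need the value. The `log.warn` calls in the EidasResponseValidator.java hunk print `natPersId` the same way. The method continues outside the hunk.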
@@ -210,11 +211,11 @@ public class EidasResponseUtils {          // TODO: add more mappings          return result;        } else { -        log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_CURRENTADDRESS + " is of WRONG type"); -        throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTADDRESS); +        log.warn("eIDAS attr: " + EidasConstants.eIDAS_ATTR_CURRENTADDRESS + " is of WRONG type"); +        throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_CURRENTADDRESS);        }      } else { -      log.debug("NO '" + Constants.eIDAS_ATTR_CURRENTADDRESS + "' attribute. Post-Processing skipped ... "); +      log.debug("NO '" + EidasConstants.eIDAS_ATTR_CURRENTADDRESS + "' attribute. Post-Processing skipped ... ");      }      return null;    } @@ -231,11 +232,11 @@ public class EidasResponseUtils {        if (birthNameObj instanceof String) {          return (String) birthNameObj;        } else { -        log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_BIRTHNAME + " is of WRONG type"); -        throw new EidasAttributeException(Constants.eIDAS_ATTR_BIRTHNAME); +        log.warn("eIDAS attr: " + EidasConstants.eIDAS_ATTR_BIRTHNAME + " is of WRONG type"); +        throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_BIRTHNAME);        }      } else { -      log.debug("NO '" + Constants.eIDAS_ATTR_BIRTHNAME + "' attribute. Post-Processing skipped ... "); +      log.debug("NO '" + EidasConstants.eIDAS_ATTR_BIRTHNAME + "' attribute. Post-Processing skipped ... ");      }      return null;    } 
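Review bot: The `log.warn` and `log.debug` calls edited in these hunks build their message by string concatenation, while `parseEidasPersonalIdentifier` in the same file uses `{}` placeholders. Since the lines are being touched anyway, the placeholder form would keep the file consistent: `log.warn("eIDAS attr: {} is of WRONG type", EidasConstants.eIDAS_ATTR_CURRENTADDRESS);` and `log.debug("NO '{}' attribute. Post-Processing skipped ... ", EidasConstants.eIDAS_ATTR_CURRENTADDRESS);`. The same applies to the birth-name hunk on this line and the place-of-birth hunk that follows. Both methods start outside their hunks.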
@@ -253,13 +254,13 @@ public class EidasResponseUtils {          return (String) placeOfBirthObj;        } else { -        log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_PLACEOFBIRTH + " is of WRONG type"); -        throw new EidasAttributeException(Constants.eIDAS_ATTR_PLACEOFBIRTH); +        log.warn("eIDAS attr: " + EidasConstants.eIDAS_ATTR_PLACEOFBIRTH + " is of WRONG type"); +        throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_PLACEOFBIRTH);        }      } else { -      log.debug("NO '" + Constants.eIDAS_ATTR_PLACEOFBIRTH + "' attribute. Post-Processing skipped ... "); +      log.debug("NO '" + EidasConstants.eIDAS_ATTR_PLACEOFBIRTH + "' attribute. Post-Processing skipped ... ");      }      return null;    } @@ -273,7 +274,7 @@ public class EidasResponseUtils {     */    public static DateTime processDateOfBirth(Object dateOfBirthObj) throws EidasAttributeException {      if (!(dateOfBirthObj instanceof DateTime)) { -      throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); +      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_DATEOFBIRTH);      }      return (DateTime) dateOfBirthObj;    } @@ -291,11 +292,11 @@ public class EidasResponseUtils {          new SimpleDateFormat("yyyy-MM-dd").parse((String) dateOfBirthObj);          return (String) dateOfBirthObj;        } catch (ParseException e) { -        throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); +        throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_DATEOFBIRTH);        }      }      if (!(dateOfBirthObj instanceof DateTime)) { -      throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); +      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_DATEOFBIRTH);      }      return new SimpleDateFormat("yyyy-MM-dd").format(((DateTime) dateOfBirthObj).toDate());    } 
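Review bot: In the last hunk here, the string branch of the method that returns the date of birth as text uses `new SimpleDateFormat("yyyy-MM-dd").parse((String) dateOfBirthObj)` as its validity check. That parser is lenient by default and need not consume the whole string, so an out-of-range month or day, or a valid date followed by extra characters, passes and the original string is returned unchanged. A strict parse rejects both: `java.time.LocalDate.parse((String) dateOfBirthObj);` with `} catch (java.time.format.DateTimeParseException e) {` in place of the `ParseException` catch. The method starts outside the hunk, so the surrounding `instanceof String` test is assumed rather than visible.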
@@ -309,7 +310,7 @@ public class EidasResponseUtils {     */    public static String processGivenName(Object givenNameObj) throws EidasAttributeException {      if (!(givenNameObj instanceof String)) { -      throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); +      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME);      }      return (String) givenNameObj;    } @@ -323,7 +324,7 @@ public class EidasResponseUtils {     */    public static String processFamilyName(Object familyNameObj) throws EidasAttributeException {      if (!(familyNameObj instanceof String)) { -      throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); +      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME);      }      return (String) familyNameObj;    } @@ -337,7 +338,7 @@ public class EidasResponseUtils {     */    public static String processPersonalIdentifier(Object personalIdentifierObj) throws EidasAttributeException {      if (!(personalIdentifierObj instanceof String)) { -      throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); +      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);      }      return (String) personalIdentifierObj;    } @@ -352,7 +353,7 @@ public class EidasResponseUtils {     */    public static String processPseudonym(Object personalIdObj) throws EidasAttributeException {      if (!(personalIdObj instanceof String)) { -      throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); +      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);      }      final Triple<String, String, String> eIdentifier =          EidasResponseUtils.parseEidasPersonalIdentifier((String) personalIdObj); 
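Review bot: `processPseudonym` assigns the result of `EidasResponseUtils.parseEidasPersonalIdentifier((String) personalIdObj)` to `eIdentifier`, and that helper returns `null` when the format check fails, as its own hunk earlier in this file shows. The lines that use `eIdentifier` are outside this hunk, so it cannot be confirmed here that a null result is handled. If it is not, a malformed identifier ends in a NullPointerException rather than an `EidasAttributeException`. In that case `if (eIdentifier == null) { throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER); }` directly after the call would close the gap. `processCountryCode` in the next hunk has the same shape.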
@@ -371,7 +372,7 @@ public class EidasResponseUtils {     */    public static String processCountryCode(Object personalIdObj) throws EidasAttributeException {      if (!(personalIdObj instanceof String)) { -      throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); +      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);      }      final Triple<String, String, String> eIdentifier =          EidasResponseUtils.parseEidasPersonalIdentifier((String) personalIdObj); @@ -390,7 +391,7 @@ public class EidasResponseUtils {     */    public static String processTaxReference(Object taxReferenceObj) throws EidasAttributeException {      if (!(taxReferenceObj instanceof String)) { -      throw new EidasAttributeException(Constants.eIDAS_ATTR_TAXREFERENCE); +      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_TAXREFERENCE);      }      return (String) taxReferenceObj;    } diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java index 9d9a0647..d1962654 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java 
@@ -31,10 +31,10 @@ import org.slf4j.LoggerFactory;  import com.google.common.collect.ImmutableSet; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants; +import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;  import at.gv.egiz.eaaf.core.api.IRequest;  import at.gv.egiz.eaaf.core.impl.data.Triple;  import eu.eidas.auth.commons.attribute.AttributeDefinition; @@ -97,7 +97,7 @@ public class EidasResponseValidator {       *_____________________________________________________|       */      final AttributeDefinition<?> attrDefinition = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( -        Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); +        EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();      final ImmutableSet<? extends AttributeValue<?>> attributeValues = eidasResponse.getAttributes()          .getAttributeMap().get(attrDefinition);      final List<String> personalIdObj = EidasResponseUtils.translateStringListAttribute(attrDefinition, 
@@ -123,48 +123,48 @@ public class EidasResponseValidator {        if (split == null) {          throw new EidasValidationException("eidas.07",              new Object[] { -                Constants.eIDAS_ATTR_PERSONALIDENTIFIER, +                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,                  "Wrong identifier format" });        } else {          // validation according to eIDAS SAML Attribute Profile, Section 2.2.3          if (StringUtils.isEmpty(split.getSecond())) { -          log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER +          log.warn("eIDAS attribute value for " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER                + " includes NO destination country. Value:" + natPersId);            throw new EidasValidationException("eidas.07",                new Object[] { -                  Constants.eIDAS_ATTR_PERSONALIDENTIFIER, +                  EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,                    "No or empty destination country" });          }          if (!split.getSecond().equalsIgnoreCase(spCountry)) { -          log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER +          log.warn("eIDAS attribute value for " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER                + " includes wrong destination country. Value:" + natPersId                + " SP-Country:" + spCountry);            throw new EidasValidationException("eidas.07",                new Object[] { -                  Constants.eIDAS_ATTR_PERSONALIDENTIFIER, +                  EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,                    "Destination country does not match to SP country" });          }          if (StringUtils.isEmpty(split.getFirst())) { -          log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER +          log.warn("eIDAS attribute value for " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER                + " includes NO citizen country. 
Value:" + natPersId);            throw new EidasValidationException("eidas.07",                new Object[] { -                  Constants.eIDAS_ATTR_PERSONALIDENTIFIER, +                  EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,                    "No or empty citizen country" });          }          if (!split.getFirst().equalsIgnoreCase(citizenCountryCode)) { -          log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER +          log.warn("eIDAS attribute value for " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER                + " includes a citizen country that does not match to service-provider country. "                + " Value:" + natPersId                + " citiczen Country:" + spCountry);            throw new EidasValidationException("eidas.07",                new Object[] { -                  Constants.eIDAS_ATTR_PERSONALIDENTIFIER, +                  EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,                    "Citizen country does not match to eIDAS-node country that generates the response" });          } | 
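Review bot: The last `log.warn` in this hunk reports the wrong value. The condition compares `split.getFirst()` with `citizenCountryCode`, but the message appends `spCountry` after `" citiczen Country:"` and speaks of the service-provider country. Anyone reading this log line while investigating a rejected response sees a country that was not part of the failed comparison. Suggested change: `+ " citizen Country:" + citizenCountryCode);`, with the sentence reworded to match the exception text below it ("does not match to eIDAS-node country that generates the response"). The enclosing method starts outside the hunk.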
