From 9b7b67ee1b3c00a3760e09c05fa9e65d4a4e80fa Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 24 Jul 2018 06:39:34 +0200 Subject: update countrySelectionProcess to support more than one eIDAS Nodes for different production stages. This is required, because eIDAS Ref. Impl. 2.0 and 2.1 supports only one countryCode each instance. --- .gitignore | 2 +- .../tasks/EvaluateCountrySelectionTask.java | 11 ++-- .../properties/external_statuscodes_map.properties | 1 + .../properties/status_messages_en.properties | 1 + .../specific/connector/MSeIDASNodeConstants.java | 11 ++++ .../modules/authmodule_eIDASv2/Constants.java | 1 - .../eIDASAuthenticationModulImpl.java | 5 +- .../tasks/GenerateAuthnRequestTask.java | 59 +++++++++++++++++++--- 8 files changed, 76 insertions(+), 15 deletions(-) diff --git a/.gitignore b/.gitignore index 16a0a262..c845808d 100644 --- a/.gitignore +++ b/.gitignore @@ -9,4 +9,4 @@ target .classpath .directory .checkstyle -/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/version.txt +notCommit diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java index ff3dc252..4ae97acf 100644 --- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java +++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java 
@@ -45,10 +45,13 @@ public class EvaluateCountrySelectionTask extends AbstractAuthServletTask { while(reqParamNames.hasMoreElements()) { String paramName = reqParamNames.nextElement(); if (StringUtils.isNotEmpty(paramName) && - !EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)) - executionContext.put(paramName, - StringEscapeUtils.escapeHtml(request.getParameter(paramName))); - + !EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)) { + for (String el : MSeIDASNodeConstants.COUNTRY_SELECTION_PARAM_WHITELIST) { + if (el.equalsIgnoreCase(paramName)) + executionContext.put(paramName, + StringEscapeUtils.escapeHtml(request.getParameter(paramName))); + } + } } log.info("Country selection finished. Starting auth. process for country ... "); diff --git a/connector/src/main/resources/properties/external_statuscodes_map.properties b/connector/src/main/resources/properties/external_statuscodes_map.properties index d2e2dab4..cf26832b 100644 --- a/connector/src/main/resources/properties/external_statuscodes_map.properties +++ b/connector/src/main/resources/properties/external_statuscodes_map.properties @@ -68,5 +68,6 @@ internal.02=9101 internal.03=9199 internal.04=9101 +config.08=9008 config.27=9008 config.30=9008 \ No newline at end of file diff --git a/connector/src/main/resources/properties/status_messages_en.properties b/connector/src/main/resources/properties/status_messages_en.properties index a6985d0f..e09f3691 100644 --- a/connector/src/main/resources/properties/status_messages_en.properties +++ b/connector/src/main/resources/properties/status_messages_en.properties 
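Review bot: The whitelist match in the added loop is case-insensitive, but the value is stored under the request-supplied `paramName`, so a parameter spelled e.g. `SelectedCountry` passes the whitelist and is then not found by `executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)` in the auth module (assuming the context lookup is an exact key match, as the `get` calls in this commit suggest). Store it under the canonical whitelist name and stop after the first hit: `if (el.equalsIgnoreCase(paramName)) { executionContext.put(el, StringEscapeUtils.escapeHtml(request.getParameter(paramName))); break; }`. With only whitelisted names reaching the execution context, the separate `PROCESS_ENGINE_PENDINGREQUESTID` exclusion just above is now redundant and could be dropped. The enclosing method continues outside the hunk.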
@@ -66,5 +66,6 @@ internal.02=Internal error. Can not access data cache. internal.03=Internal error. Can not initialize a cryptographic method. internal.04=Internal error. Can not access data cache (Reason: {0}). +config.08=Configuration value: {0} is missing. config.27=Configuration parameter processing failed. Reason: {0} config.30=External configuration not found. File: {0} diff --git a/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java index 68c39a53..74ef993c 100644 --- a/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java +++ b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java @@ -2,6 +2,9 @@ *******************************************************************************/ package at.gv.egiz.eidas.specific.connector; +import java.util.Arrays; +import java.util.List; + import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; public class MSeIDASNodeConstants { 
@@ -63,11 +66,19 @@ public class MSeIDASNodeConstants { // ************ execution context and generic data ************ public static final String REQ_PARAM_SELECTED_COUNTRY = "selectedCountry"; + public static final String REQ_PARAM_SELECTED_ENVIRONMENT = "selectedEnvironment"; public static final String REQ_PARAM_STOP_PROCESS = "stopAuthProcess"; + public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION = "prod"; + public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS = "qs"; + public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING = "test"; + public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT = "dev"; + public static final String DATA_REQUESTERID = "req_requesterId"; public static final String DATA_PROVIDERNAME = "req_providerName"; public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; + public static final List COUNTRY_SELECTION_PARAM_WHITELIST = + Arrays.asList(REQ_PARAM_SELECTED_COUNTRY, REQ_PARAM_SELECTED_ENVIRONMENT); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java index b1cd128f..beb3cce7 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java 
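Review bot: `COUNTRY_SELECTION_PARAM_WHITELIST` is declared as a raw `List`, which drops the element type and, as far as I can see, makes the enhanced for `for (String el : MSeIDASNodeConstants.COUNTRY_SELECTION_PARAM_WHITELIST)` in EvaluateCountrySelectionTask fail to compile, because elements of a raw `List` are `Object`. Since this list decides which request parameters are copied into the execution context, it should also be unmodifiable rather than the writable view `Arrays.asList` returns: `public static final List<String> COUNTRY_SELECTION_PARAM_WHITELIST = Collections.unmodifiableList(Arrays.asList(REQ_PARAM_SELECTED_COUNTRY, REQ_PARAM_SELECTED_ENVIRONMENT));` with `import java.util.Collections;` added to the import hunk of this file.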
@@ -11,7 +11,6 @@ import at.gv.egiz.eaaf.core.api.data.EAAFConstants; public class Constants { - public static final String EXECUTIONCONTEXT_SELECTED_COUNTRY = "selectedCountry"; public static final String DATA_REQUESTERID = "req_requesterId"; public static final String DATA_PROVIDERNAME = "req_providerName"; public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java index fef9cbfa..c41559b8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java @@ -6,6 +6,7 @@ import org.apache.commons.lang3.StringUtils; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants; /** * @author tlenz @@ -33,8 +34,8 @@ public class eIDASAuthenticationModulImpl implements AuthModule { */ @Override public String selectProcess(ExecutionContext context) { - if (StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY)) || - StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY))) + if (StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)) || + StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY))) return "eIDASAuthentication_v2"; else return null; 
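Review bot: Both operands of the `||` in the rewritten `selectProcess` condition read the same key `MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY`, so the second test is dead; the old lines had the same duplication and the commit carried it over while swapping the constant. Reduce it to a single check: `if (StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)))`. If the second operand was meant to become the new `REQ_PARAM_SELECTED_ENVIRONMENT`, note that an environment alone should not select the eIDAS process, since GenerateAuthnRequestTask still fails without a selected country.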
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java index d65ce72f..e9a7a190 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java @@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eidas.specific.connector.MSConnectorEventCodes; +import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants; import at.gv.egiz.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants; import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; 
@@ -70,9 +71,10 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //get service-provider configuration ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); - // get target and validate citizen countryCode - String citizenCountryCode = (String) executionContext.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY); - + // get target, environment and validate citizen countryCode + String citizenCountryCode = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY); + String environment = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT); + if (StringUtils.isEmpty(citizenCountryCode)) { // illegal state; task should not have been executed without a selected country throw new eIDASAuthenticationException("eidas.03", new Object[] { "" }); @@ -179,6 +181,18 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } + //select forward URL regarding the selected environment + String forwardURL = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL); + if (StringUtils.isNotEmpty(environment)) + forwardURL = selectedForwardURLForEnvironment(environment); + + if (StringUtils.isEmpty(forwardURL)) { + log.warn("NO ForwardURL defined in configuration. Can NOT forward to eIDAS node! Process stops"); + throw new EAAFConfigurationException("config.08", new Object[] {Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL}); + + } + log.debug("ForwardURL: " + forwardURL + " selected to forward eIDAS request"); + if (basicConfig.getBasicConfiguration( Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD, Constants.FORWARD_METHOD_GET 
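Review bot: In the `@@ -179` hunk an unsupported `environment` selector makes `selectedForwardURLForEnvironment` return null, and the code then throws `config.08` naming `Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL`, although that base property may be configured and only the environment-specific key, or the selector itself, is the problem. `environment` is taken from the `selectedEnvironment` request parameter via the execution context, so an invalid client value is reported as a configuration error pointing at the wrong key. Check the selector against the four `REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_*` constants before the lookup and reject that case as invalid input, the same way the missing country is rejected a few lines above, and include the selector in the remaining configuration warning: `log.warn("NO ForwardURL defined in configuration for environment '" + environment + "'. Can NOT forward to eIDAS node! Process stops");`. The enclosing method starts and ends outside the hunk.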
@@ -186,7 +200,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { log.debug("Use http-redirect for eIDAS node forwarding ... "); //send redirect - UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL)); + UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(forwardURL); redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64); response.sendRedirect(redirectUrl.build().encode().toString()); @@ -198,8 +212,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { Constants.TEMPLATE_POST_FORWARD_NAME, null); - config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT, - basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL)); + config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardURL); config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME, EidasParameterKeys.TOKEN.toString()); config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, @@ -223,7 +236,39 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } - private ImmutableAttributeMap translateToEidasAttributes(final Map requiredAttributes) { + /** + * Select a forward URL from configuration for a specific environment + *

+ * Info: This method is needed, because eIDAS Ref. Impl only supports one countrycode on each instance. + * In consequence, more than one eIDAS Ref. Impl nodes are required to support producation, testing, or QS stages + * for one country by using one ms-specific eIDAS connector + * + * @param environment Environment selector from CountrySlection page + * @return + */ + private String selectedForwardURLForEnvironment(String environment) { + log.trace("Starting endpoint selection process for environment: " + environment + " ... "); + if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION)) + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL); + + else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS)) + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS); + + else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING)) + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING); + + else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT)) + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT); + + log.info("Environment selector: " + environment + " is not supported"); + return null; + + } + + private ImmutableAttributeMap translateToEidasAttributes(final Map requiredAttributes) { ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder(); for (Map.Entry attribute : requiredAttributes.entrySet()) { final String name = attribute.getKey(); -- cgit v1.2.3
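Review bot: The Javadoc on `selectedForwardURLForEnvironment` has an empty `@return` and does not state that the method returns null for an unsupported selector, which is exactly the case the caller turns into `config.08`; propose `@return the configured forward URL for the environment, or null if the selector is not one of the supported REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_* values (and presumably whatever getBasicConfiguration yields when the key is absent)`, and fix the typos `producation` and `CountrySlection` in the description. The three non-production branches are the same lookup with the matched constant as suffix; a loop over the qs/test/dev constants comparing with `equalsIgnoreCase` and building the key from the matched constant would replace them with one branch, while production stays separate because it maps to the base key. Note that `environment` originates from the `selectedEnvironment` request parameter, so the trace and info lines log a client-supplied string that was only HTML-escaped upstream.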