From fda1a8333b9bd11d0457125c3156a39f03d74bd6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 2 Aug 2019 12:02:35 +0200 Subject: Refactoring to eIDASNode 2.2, eaaf-components 1.0.8 --- .../builder/AuthenticationDataBuilder.java | 21 +++++++++++++- .../connector/controller/MonitoringController.java | 4 +-- .../controller/ProcessEngineSignalController.java | 3 +- .../specific/connector/logger/RevisionLogger.java | 2 +- .../specific/connector/mapper/LoALevelMapper.java | 5 ++++ .../tasks/GenerateCountrySelectionFrameTask.java | 4 +-- .../connector/provider/PVPMetadataProvider.java | 4 +-- .../resources/specific_eIDAS_connector.beans.xml | 8 ++++++ .../config/BasicConfigurationProvider.java | 4 +-- .../connector/gui/DefaultGUIBuilderImpl.java | 11 ++++---- .../gui/GUIBuilderConfigurationFactory.java | 3 +- .../gui/StaticGuiBuilderConfiguration.java | 32 ++++++++++++---------- eidas_modules/authmodule-eIDAS-v2/pom.xml | 6 ++-- .../authmodule_eIDASv2/eIDASSignalServlet.java | 5 ++-- .../service/eIDASAttributeRegistry.java | 2 +- .../modules/authmodule_eIDASv2/szr/SZRClient.java | 4 +-- .../tasks/CreateIdentityLinkTask.java | 14 +++++----- .../tasks/GenerateAuthnRequestTask.java | 12 ++++---- .../tasks/ReceiveAuthnResponseTask.java | 4 ++- .../validator/eIDASResponseValidator.java | 8 +++--- pom.xml | 22 +++++++-------- 21 files changed, 109 insertions(+), 69 deletions(-) diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java index e14205b9..07103ff2 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java 
@@ -39,6 +39,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; import at.gv.egiz.eaaf.core.exceptions.XPathException; import at.gv.egiz.eaaf.core.impl.data.Pair; @@ -57,7 +58,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder AuthenticationData authData = new AuthenticationData(); try { - generateBasicAuthData(authData, pendingReq, authProcessData); + generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); //set specific informations authData.setSsoSessionValidTo(new Date(new Date().getTime() @@ -74,6 +75,24 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } + @Override + protected IAuthData buildDeprecatedAuthData(IRequest arg0) throws EAAFException { + // TODO Auto-generated method stub + return null; + } + + @Override + protected void buildServiceSpecificAuthenticationData(IAuthData arg0, IRequest arg1) throws EAAFException { + // TODO Auto-generated method stub + + } + + @Override + protected IAuthData getAuthDataInstance(IRequest arg0) throws EAAFException { + return new AuthenticationData(); + + } + @Override protected Pair buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) throws EAAFBuilderException { //TODO: check if bPK already exists diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/MonitoringController.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/MonitoringController.java index ede992c1..37602a67 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/MonitoringController.java 
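Review bot: In the hunk at -74,6 +75,24 of AuthenticationDataBuilder.java, the new `buildDeprecatedAuthData` override returns `null` and `buildServiceSpecificAuthenticationData` has an empty body, both still carrying the IDE's `// TODO Auto-generated method stub`. If the eaaf base class ever calls them, the caller would get a null `IAuthData`, or authentication data with no service-specific fields, instead of an error. If this connector is not meant to use these paths, fail explicitly, e.g. `throw new UnsupportedOperationException("buildDeprecatedAuthData is not supported by this connector");`, and replace the stub comments with one line saying why nothing has to be set. Whether the base class invokes either method is not visible from this hunk.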
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/MonitoringController.java @@ -176,8 +176,8 @@ public class MonitoringController { private String testConfig( ) throws Exception { try { - if (config.getFullConfigurationProperties() != null - && config.getFullConfigurationProperties().size() > 0) + if (config.getBasicConfigurationWithPrefix(MSeIDASNodeConstants.PROP_CONFIG_SP_LIST_PREFIX) != null + && config.getBasicConfigurationWithPrefix(MSeIDASNodeConstants.PROP_CONFIG_SP_LIST_PREFIX).size() > 0) return TEST_CONFIG + MESSAGE_OK; else diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java index 848eaa85..f7367849 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java @@ -32,6 +32,7 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; /** @@ -44,7 +45,7 @@ public class ProcessEngineSignalController extends AbstractProcessEngineSignalCo @RequestMapping(value = {MSeIDASNodeConstants.ENDPOINT_COUNTRYSELECTION }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } 
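Review bot: The new condition in `testConfig` (MonitoringController.java) calls `config.getBasicConfigurationWithPrefix(MSeIDASNodeConstants.PROP_CONFIG_SP_LIST_PREFIX)` twice, once for the null check and once for `size()`. Read the result into a local, here called `spList`, and test `spList != null && !spList.isEmpty()`. The check now passes only when at least one entry exists under the SP-list prefix, where it previously passed for any non-empty configuration. A comment such as `// monitoring is OK only if at least one service provider is configured` would make that intent clear to whoever reads a failing monitor. The method body continues outside the hunk.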
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/RevisionLogger.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/RevisionLogger.java index 8b558118..0a50039e 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/RevisionLogger.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/RevisionLogger.java @@ -85,7 +85,7 @@ public class RevisionLogger extends EventLogFactory implements IRevisionLogger { try { if (event.getEventCode() >= 1100) { if ( (event.getEventCode() == EventConstants.TRANSACTION_IP) - && !basicConfig.getBasicMOAIDConfigurationBoolean( + && !basicConfig.getBasicConfigurationBoolean( MSeIDASNodeConstants.PROP_CONFIG_REVISIONLOG_LOG_IP_ADDRESS_OF_USER, true) ) { log.trace("Ignore Event: " + event.getEventCode() + " because IP adresse logging prohibited"); return; diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/mapper/LoALevelMapper.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/mapper/LoALevelMapper.java index 08d2ae80..a0b3c695 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/mapper/LoALevelMapper.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/mapper/LoALevelMapper.java @@ -53,4 +53,9 @@ public class LoALevelMapper implements ILoALevelMapper{ } + @Override + public String mapeIDASQAAToSTORKQAA(String eidasqaaLevel) { + return null; + } + } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java index 078ca8e9..a707c827 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java 
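Review bot: The added `mapeIDASQAAToSTORKQAA` in LoALevelMapper.java returns `null` for every input, so a caller asking for a level-of-assurance mapping gets no level at all rather than a rejected request. If STORK QAA levels are deliberately unsupported in this connector, say so in a comment and consider failing explicitly, e.g. `throw new UnsupportedOperationException("STORK QAA mapping is not supported");`, so that a missing LoA cannot be mistaken for a mapped one. How the eaaf core treats a null result is not visible from this hunk.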
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java @@ -64,8 +64,8 @@ public class GenerateCountrySelectionFrameTask extends AbstractAuthServletTask { pendingReq, MSeIDASNodeConstants.TEMPLATE_HTML_COUNTRYSELECTION, MSeIDASNodeConstants.ENDPOINT_COUNTRYSELECTION); - - guiBuilder.build(response, config, "BKU-Selection form"); + + guiBuilder.build(request, response, config, "BKU-Selection form"); } catch (GUIBuildException e) { log.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage()); diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PVPMetadataProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PVPMetadataProvider.java index f1ee3a14..9be87a95 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PVPMetadataProvider.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PVPMetadataProvider.java 
@@ -132,14 +132,14 @@ public class PVPMetadataProvider extends AbstractChainingMetadataProvider{ private MetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, String trustStoreUrl, String trustStorePassword) throws CertificateException, PVP2MetadataException{ MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.getFilters().add(new SchemaValidationFilter( - basicConfig.getBasicMOAIDConfigurationBoolean(MSeIDASNodeConstants.PROP_CONFIG_PVP_SCHEME_VALIDATION, true))); + basicConfig.getBasicConfigurationBoolean(MSeIDASNodeConstants.PROP_CONFIG_PVP_SCHEME_VALIDATION, true))); filterChain.getFilters().add( new MetadataSignatureVerificationFilter( trustStoreUrl, trustStorePassword, metadataURL)); filterChain.getFilters().add(new PVPEntityCategoryFilter( - basicConfig.getBasicMOAIDConfigurationBoolean(MSeIDASNodeConstants.PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES, true))); + basicConfig.getBasicConfigurationBoolean(MSeIDASNodeConstants.PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES, true))); return filterChain; } diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml index 01be5ab7..a1abca76 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -70,6 +70,14 @@ + + + + + + diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java index 35b07299..4793e085 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java 
@@ -55,7 +55,7 @@ public class BasicConfigurationProvider extends AbstractConfigurationImpl{ public ISPConfiguration getServiceProviderConfiguration(String entityId) throws EAAFConfigurationException { if (!spConfigCache.containsKey(entityId)) { log.debug("SP: " + entityId + " is NOT cached. Starting load operation ... "); - Map allSPs = getBasicMOAIDConfigurationWithPrefix(MSeIDASNodeConstants.PROP_CONFIG_SP_LIST_PREFIX); + Map allSPs = getBasicConfigurationWithPrefix(MSeIDASNodeConstants.PROP_CONFIG_SP_LIST_PREFIX); for (String key : allSPs.keySet()) { if (key.endsWith(MSeIDASNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER) && allSPs.get(key).equals(entityId)) { @@ -114,7 +114,7 @@ public class BasicConfigurationProvider extends AbstractConfigurationImpl{ if (urlPrefixFromConfig.endsWith("/")) urlPrefixFromConfig = urlPrefixFromConfig.substring(0, urlPrefixFromConfig.length()-1); - if (getBasicMOAIDConfigurationBoolean( + if (getBasicConfigurationBoolean( MSeIDASNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION, false)) { if (url != null && url.toExternalForm().startsWith(urlPrefixFromConfig)) return urlPrefixFromConfig; diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/DefaultGUIBuilderImpl.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/DefaultGUIBuilderImpl.java index 082d6993..f4049267 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/DefaultGUIBuilderImpl.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/DefaultGUIBuilderImpl.java 
@@ -28,13 +28,13 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGUIBuilderConfiguration; import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; -import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderImpl; +import at.gv.egiz.eaaf.core.impl.gui.AbstractVelocityGUIFormBuilderImpl; @Service("DefaultGUIBuilderImpl") -public class DefaultGUIBuilderImpl extends AbstractGUIFormBuilderImpl implements IGUIFormBuilder { +public class DefaultGUIBuilderImpl extends AbstractVelocityGUIFormBuilderImpl implements IGUIFormBuilder { private static final Logger log = LoggerFactory.getLogger(DefaultGUIBuilderImpl.class); private static final String CLASSPATH_HTMLTEMPLATES_DIR = "templates/"; @@ -45,7 +45,7 @@ public class DefaultGUIBuilderImpl extends AbstractGUIFormBuilderImpl implements } @Override - protected InputStream getInternalTemplate(IGUIBuilderConfiguration config) throws GUIBuildException { + protected InputStream getInternalTemplate(IVelocityGUIBuilderConfiguration config) throws GUIBuildException { String viewName = config.getViewName(); log.debug("GUI template:" + viewName + " is not found in configuration directory. " + " Load template from project library ... "); @@ -58,8 +58,7 @@ public class DefaultGUIBuilderImpl extends AbstractGUIFormBuilderImpl implements log.error("GUI template:" + pathLocation + " is NOT loadable from classpath!", e1); throw new GUIBuildException("GUI template:" + pathLocation + " is NOT loadable from classpath!", e1); - } - + } } } diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/GUIBuilderConfigurationFactory.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/GUIBuilderConfigurationFactory.java index 025c6a24..e0ce6b3e 100644 
--- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/GUIBuilderConfigurationFactory.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/GUIBuilderConfigurationFactory.java @@ -34,6 +34,7 @@ import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGUIBuilderConfiguration; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; @Service("GUIBuilderConfigurationFactory") @@ -46,7 +47,7 @@ public class GUIBuilderConfigurationFactory implements IGUIBuilderConfigurationF } @Override - public IGUIBuilderConfiguration getSPSpecificSAML2PostConfiguration(IRequest pendingReq, String viewName, URI configRootContextDir) + public IVelocityGUIBuilderConfiguration getSPSpecificSAML2PostConfiguration(IRequest pendingReq, String viewName, URI configRootContextDir) throws MalformedURLException { return new StaticGuiBuilderConfiguration(basicConfig, pendingReq,MSeIDASNodeConstants.TEMPLATE_HTML_PVP_POSTBINDING , null); } diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java index aa5e1238..088c48a7 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java @@ -32,8 +32,6 @@ import java.net.MalformedURLException; import java.net.URI; import java.net.URISyntaxException; import java.net.URL; -import java.util.HashMap; -import java.util.Map; import org.apache.commons.lang.StringEscapeUtils; import org.slf4j.Logger; 
@@ -41,17 +39,17 @@ import org.slf4j.LoggerFactory; import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGUIBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; -public class StaticGuiBuilderConfiguration extends AbstractGUIFormBuilderConfiguration implements ModifyableGuiBuilderConfiguration { +public class StaticGuiBuilderConfiguration extends AbstractGUIFormBuilderConfiguration implements IVelocityGUIBuilderConfiguration, ModifyableGuiBuilderConfiguration { private static final Logger log = LoggerFactory.getLogger(StaticGuiBuilderConfiguration.class); private IRequest pendingReq = null; private IConfiguration basicConfig = null; - Map params = new HashMap(); public StaticGuiBuilderConfiguration(IConfiguration basicConfig, String authURL, String viewName, String formSubmitEndpoint) { super(authURL, viewName, formSubmitEndpoint); 
@@ -103,24 +101,30 @@ public class StaticGuiBuilderConfiguration extends AbstractGUIFormBuilderConfigu } @Override - protected Map getSpecificViewParameters() { - if (pendingReq != null) { - params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getPendingRequestId())); - - } + public void putCustomParameterWithOutEscaption(String group, String key, Object value) { + log.info("Add GUI-Template parameters WITHOUT escaption ARE NOT supported!!!!!"); - return params; } @Override - public void putCustomParameter(String key, String value) { - params.put(key, StringEscapeUtils.escapeHtml(value)); + public void putCustomParameter(String group, String key, String value) { + setViewParameter(getFromGroup(), key, StringEscapeUtils.escapeHtml(value)); } @Override - public void putCustomParameterWithOutEscaption(String arg0, Object arg1) { - log.info("Add GUI-Template parameters WITHOUT escaption ARE NOT supported!!!!!"); + protected void putSpecificViewParameters() { + if (pendingReq != null) { + setViewParameter(getFromGroup(), PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getPendingRequestId())); + setViewParameter(getFromGroup(), PARAM_PENDINGREQUESTID_DEPRECATED, StringEscapeUtils.escapeHtml(pendingReq.getPendingRequestId())); + + } + + } + + @Override + protected String getFromGroup() { + return null; } diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index fe32a383..b04592b4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -13,9 +13,9 @@ eIDAS module based on eIDAS node reference implementation v2.x - 2.1.0 - 2.1.0 - 2.1.0 + 2.2.1-egiz + 2.2.1-egiz + 2.2.1-egiz 3.23.1 
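Review bot: In StaticGuiBuilderConfiguration.java, `putCustomParameter(String group, String key, String value)` ignores its `group` argument and always writes to `getFromGroup()`, which returns `null`. `putCustomParameterWithOutEscaption` discards the value with only an info-level message that does not name the key, so a template that silently lacks a parameter is hard to trace. Keeping `StringEscapeUtils.escapeHtml` on every value that reaches the template is the right default. Make the refusal visible with `log.warn("Ignoring GUI-template parameter '{}': unescaped parameters are not supported", key);`. Also add `// all parameters go into the default (null) group; the 'group' argument is ignored on purpose` above the `setViewParameter` call, if that is in fact the intent.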
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java index 0939bffd..113fc3e7 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java @@ -42,6 +42,7 @@ import com.google.common.collect.ImmutableSortedSet; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import eu.eidas.auth.commons.EidasParameterKeys; import eu.eidas.auth.commons.light.ILightResponse; @@ -73,7 +74,7 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController { Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT }, method = {RequestMethod.POST, RequestMethod.GET}) - public void restoreEidasAuthProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void restoreEidasAuthProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } @@ -111,7 +112,7 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController { if (StringUtils.isEmpty(eIDASResponse.getRelayState())) { log.debug("eIDAS Node returns no RelayState. "); - if (authConfig.getBasicMOAIDConfigurationBoolean( + if (authConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER, false)) { log.trace("Use lightRequestId to recover session ... "); 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java index 52572199..762bf4d4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java @@ -104,7 +104,7 @@ public class eIDASAttributeRegistry { * legal persons on the same time, because it's not possible to represent both simultaneously. */ Map configAttributes = - basicConfig.getBasicMOAIDConfigurationWithPrefix( + basicConfig.getBasicConfigurationWithPrefix( Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_ONLYNATURAL); for (String el: configAttributes.values()) { if (StringUtils.isNotEmpty(el.trim())) { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java index 2003a5eb..a3d28304 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java @@ -198,7 +198,7 @@ public class SZRClient { log.info("Starting SZR-Client initialization .... "); URL url = SZRClient.class.getResource("/szr_client/SZR-1.1.WSDL"); - boolean useTestSZR = basicConfig.getBasicMOAIDConfigurationBoolean( + boolean useTestSZR = basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE, true); 
@@ -305,7 +305,7 @@ public class SZRClient { } //add logging handler to trace messages if required - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES, false)) { LoggingHandler loggingHandler = new LoggingHandler(); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java index 481f9e1d..cc1d6ae4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java @@ -114,7 +114,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { writeMDSLogInformation(eIDData); //connect SZR-Gateway - if(basicConfig.getBasicMOAIDConfigurationBoolean( + if(basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!"); // create fake IdL @@ -185,7 +185,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { //set PlaceOfBirth if available if (eIDData.getPlaceOfBirth() != null) { log.trace("Find 'PlaceOfBirth' attribute: " + eIDData.getPlaceOfBirth()); - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE, true)) { naturalPerson.setPlaceOfBirth(eIDData.getPlaceOfBirth()); 
@@ -197,7 +197,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { //set BirthName if available if (eIDData.getBirthName() != null) { log.trace("Find 'BirthName' attribute: " + eIDData.getBirthName()); - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE, true)) { AlternativeNameType alternativeName = new AlternativeNameType(); @@ -215,7 +215,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink(); //write ERnB inputdata into revisionlog - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, @@ -226,7 +226,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } //get bPK from SZR - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { bPK = szrClient.getBPK( personInfo, @@ -370,7 +370,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { private void writeMDSLogInformation(ERnBeIDData eIDData) { //log MDS and country code into technical log - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( MSeIDASNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false)) log.info("eIDAS Auth. for user: " + eIDData.getGivenName() + " " 
@@ -379,7 +379,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { + "from " + eIDData.getCitizenCountryCode()); //log MDS and country code into revision log - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( MSeIDASNodeConstants.PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG, false)) revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.RESPONSE_FROM_EIDAS_MDSDATA, "{" + eIDData.getGivenName() + "," diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java index 0020a222..ea5ec25f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java @@ -156,7 +156,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for any SPType String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); if (StringUtils.isNotEmpty(providerName) - && basicConfig.getBasicMOAIDConfigurationBoolean( + && basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, false) ) 
@@ -195,7 +195,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token); //Workaround, because eIDAS node ref. impl. does not return relayState - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER, false)) { log.trace("Put lightRequestId into transactionstore as session-handling backup"); @@ -236,13 +236,13 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { Constants.TEMPLATE_POST_FORWARD_NAME, null); - config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardURL); - config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME, + config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardURL); + config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME, EidasParameterKeys.TOKEN.toString()); - config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, + config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, tokenBase64); - guiBuilder.build(response, config, "BKU-Selection form"); + guiBuilder.build(request, response, config, "BKU-Selection form"); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java index 93e25102..2698d4ea 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java 
@@ -33,6 +33,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.asitplus.eidas.specific.connector.MSConnectorEventCodes; +import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry; @@ -83,7 +84,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { // ******* MS-specificresponse validation ********** // ********************************************************** String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); - eIDASResponseValidator.validateResponse(pendingReq, eIDASResponse, spCountry, attrRegistry); + String citizenCountryCode = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY); + eIDASResponseValidator.validateResponse(pendingReq, eIDASResponse, spCountry, citizenCountryCode, attrRegistry); // ********************************************************** diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java index a659f337..f974232b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java 
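Review bot: In the hunk at -83,7 +84,8 of ReceiveAuthnResponseTask.java, `citizenCountryCode` is read with an unchecked cast from `executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)` and passed straight to `validateResponse`. A missing entry therefore shows up later as a country-mismatch error, and a non-String entry as a `ClassCastException`, rather than as a clear failure at this point. Guard it before validating with `if (citizenCountryCode == null || citizenCountryCode.isEmpty())`, and reject the response with the module's own exception in that branch. A comment such as `// country selected at the start of this process; taken from server-side state, never from the response` would record why the value can be trusted, provided that is how the execution context is filled, which this hunk does not show.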
@@ -48,7 +48,7 @@ import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance; public class eIDASResponseValidator { private static final Logger log = LoggerFactory.getLogger(eIDASResponseValidator.class); - public static void validateResponse(IRequest pendingReq, ILightResponse eIDASResponse, String spCountry, eIDASAttributeRegistry attrRegistry) throws eIDASValidationException { + public static void validateResponse(IRequest pendingReq, ILightResponse eIDASResponse, String spCountry, String citizenCountryCode, eIDASAttributeRegistry attrRegistry) throws eIDASValidationException { /*-----------------------------------------------------| * validate received LoA against minimum required LoA | @@ -139,11 +139,11 @@ public class eIDASResponseValidator { "No or empty citizen country"}); } - if (!split.getSecond().equalsIgnoreCase(spCountry)) { + if (!split.getFirst().equalsIgnoreCase(citizenCountryCode)) { log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER - + " includes a relaying-party country that does not match to service-provider country. " + + " includes a citizen country that does not match to service-provider country. " + " Value:" + natPersId - + " SP Country:" + spCountry); + + " citiczen Country:" + spCountry); throw new eIDASValidationException("eidas.07", new Object[]{ Constants.eIDAS_ATTR_PERSONALIDENTIFIER, diff --git a/pom.xml b/pom.xml index 5ed5f0b1..2a86d3bf 100644 --- a/pom.xml +++ b/pom.xml @@ -10,24 +10,24 @@ - 1.0.1-snapshot + 1.0.1 - 0.1 + 0.3 0.4 - 1.0.5 + 1.0.9-snapshot - 5.1.5.RELEASE - 3.2.8 + 5.1.8.RELEASE + 3.3.2 - 3.8.1 - 1.6 - 4.3 - 27.0.1-jre - 2.10.1 + 3.9 + 1.7 + 4.4 + 28.0-jre + 2.10.3 2.22.1 - 1.7.25 + 1.7.26 -- cgit v1.2.3