From 0f0dcfc7a01c4b3a8b15b12b5257f08797fd0926 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 3 Jun 2022 16:04:40 +0200
Subject: refactor(connector): move MS-Connector from new directory 'connector' to 'ms_specific_connector'

---
 .../MsSpecificEidasNodeSpringResourceProvider.java | 54 ---
 ...ficSpringBootApplicationContextInitializer.java | 82 ----
 .../SpringBootApplicationInitializer.java | 105 ------
 .../attributes/AuthBlockAttributeBuilder.java | 68 ----
 .../attributes/EidasBindAttributeBuilder.java | 64 ----
 .../connector/builder/PvpSubjectNameGenerator.java | 40 ---
 .../connector/config/MsConnectorMessageSource.java | 21 --
 .../connector/config/PvpEndPointConfiguration.java | 158 ---------
 .../connector/config/PvpMetadataConfiguration.java | 269 ---------------
 .../controller/ProcessEngineSignalController.java | 59 ----
 .../connector/controller/Pvp2SProfileEndpoint.java | 80 -----
 .../health/Saml2MetadataHealthIndicator.java | 44 ---
 .../processes/CountrySelectionProcessImpl.java | 68 ----
 .../tasks/EvaluateCountrySelectionTask.java | 83 -----
 .../tasks/GenerateCountrySelectionFrameTask.java | 84 -----
 .../provider/PvpEndPointCredentialProvider.java | 97 ------
 .../provider/PvpMetadataConfigurationFactory.java | 51 ---
 .../connector/provider/PvpMetadataProvider.java | 183 ----------
 .../verification/AuthnRequestValidator.java | 382 ---------------------
 19 files changed, 1992 deletions(-)
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/config/MsConnectorMessageSource.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/health/Saml2MetadataHealthIndicator.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataConfigurationFactory.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java
 delete mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java

(limited to 'connector/src/main/java/at')
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java
deleted file mode 100644
index 45e5c7d4..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-package at.asitplus.eidas.specific.connector;
-
-import org.springframework.core.io.ClassPathResource;
-import org.springframework.core.io.Resource;
-
-import at.gv.egiz.components.spring.api.SpringResourceProvider;
-
-public class MsSpecificEidasNodeSpringResourceProvider implements SpringResourceProvider {
-
-  @Override
-  public Resource[] getResourcesToLoad() {
-    final ClassPathResource generic =
-        new ClassPathResource("/applicationContext.xml", MsSpecificEidasNodeSpringResourceProvider.class);
-    final ClassPathResource msEidasNode = new ClassPathResource(
-        "/specific_eIDAS_connector.beans.xml", MsSpecificEidasNodeSpringResourceProvider.class);
-
-    return new Resource[] { generic, msEidasNode};
-
-  }
-
-  @Override
-  public String[] getPackagesToScan() {
-    return null;
-  }
-
-  @Override
-  public String getName() {
-    return "MS-specific eIDAS-Connector SpringResourceProvider";
-  }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java
deleted file mode 100644
index 399d1286..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificSpringBootApplicationContextInitializer.java
+++ /dev/null
@@ -1,82 +0,0 @@
-package at.asitplus.eidas.specific.connector;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.util.Properties;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.core.env.MutablePropertySources;
-import org.springframework.core.env.PropertiesPropertySource;
-
-import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer;
-import lombok.extern.slf4j.Slf4j;
-
-@Slf4j
-public class MsSpecificSpringBootApplicationContextInitializer extends
-    SpringBootApplicationContextInitializer {
-
-  private static final String SYSTEMD_PROP_NAME = "eidas.ms.configuration";
-  private static final String PATH_FILE_PREFIX = "file:";
-
-  @Override
-  public void initialize(ConfigurableApplicationContext applicationContext) {
-    String configPath = System.getProperty(SYSTEMD_PROP_NAME);
-    if (StringUtils.isNotEmpty(configPath)) {
-      log.debug("Find configuration-source from SystemD Property: '{}' ...", SYSTEMD_PROP_NAME);
-      if (configPath.startsWith(PATH_FILE_PREFIX)) {
-        configPath = configPath.substring(PATH_FILE_PREFIX.length());
-
-      }
-      injectConfiguration(configPath, applicationContext);
-
-    } else {
-      log.info("Find NO SystemD Property: '{}' Maybe no configuration available", SYSTEMD_PROP_NAME);
-
-    }
-
-    super.initialize(applicationContext);
-
-  }
-
-  private void injectConfiguration(String configPath, ConfigurableApplicationContext applicationContext) {
-    InputStream is = null;
-    try {
-      Path path = Paths.get(configPath);
-      if (Files.exists(path)) {
-        File file = new File(configPath);
-        Properties props = new Properties();
-        is = new FileInputStream(file);
-        props.load(is);
-        MutablePropertySources sources = applicationContext.getEnvironment().getPropertySources();
-        sources.addFirst(new PropertiesPropertySource(SYSTEMD_PROP_NAME, props));
-        log.info("Set configuration-source from SystemD-Property: {}", SYSTEMD_PROP_NAME);
-
-      } else {
-        log.error("Configuration from SystemD Property: '{}' at Location: {} DOES NOT exist",
-            SYSTEMD_PROP_NAME, configPath);
-
-      }
-
-    } catch (IOException e) {
-      log.error("Configuration from SystemD Property: '{}' at Location: {} CAN NOT be loaded",
-          SYSTEMD_PROP_NAME, configPath, e);
-
-    } finally {
-      try {
-        if (is != null) {
-          is.close();
-
-        }
-      } catch (IOException e) {
-        log.error("Can not close InputStream of configLoader: {}", configPath, e);
-
-      }
-    }
-  }
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java
deleted file mode 100644
index 6616db23..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringBootApplicationInitializer.java
+++ /dev/null
@@ -1,105 +0,0 @@
-package at.asitplus.eidas.specific.connector;
-
-import org.opensaml.core.config.InitializationException;
-import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.builder.SpringApplicationBuilder;
-import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.web.context.WebApplicationContext;
-
-import at.gv.egiz.eaaf.core.api.IStatusMessenger;
-import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;
-import at.gv.egiz.eaaf.core.impl.logging.SimpleStatusMessager;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import lombok.extern.slf4j.Slf4j;
-import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
-
-@Slf4j
-@SpringBootApplication(scanBasePackages = {
-    "at.asitplus.eidas.specific.connector",
-    "at.gv.egiz.eaaf.utils.springboot.ajp"
-    })
-public class SpringBootApplicationInitializer extends SpringBootServletInitializer {
-
-  private static ConfigurableApplicationContext ctx;
-
-  /**
-   * Starts MS-specific eIDAS-Implementation SpringBoot application.
-   *
-   * @param args Starting parameters
-   * @throws Throwable In case of a start-up error
-   */
-  public static void main(final String[] args) throws Throwable {
-    try {
-      log.info("=============== Initializing Spring-Boot context! ===============");
-      LogMessageProviderFactory.setStatusMessager(new SimpleStatusMessager());
-      final SpringApplication springApp =
-          new SpringApplication(SpringBootApplicationInitializer.class);
-      springApp.addInitializers(new MsSpecificSpringBootApplicationContextInitializer());
-
-      log.info("Bootstrap openSAML .... ");
-      EaafOpenSaml3xInitializer.eaafInitialize();
-
-      log.debug("Run SpringBoot initialization process ... ");
-      ctx = springApp.run(args);
-
-      // initialize status messenger
-      LogMessageProviderFactory.setStatusMessager(ctx.getBean(IStatusMessenger.class));
-
-      log.info("Initialization of MS-specific eIDAS-Connector finished.");
-
-    } catch (final Throwable e) {
-      log.error("MS-specific eIDAS-Connector initialization FAILED!", e);
-      throw e;
-
-    }
-
-  }
-
-
-  protected SpringApplicationBuilder createSpringApplicationBuilder() {
-    try {
-      log.info("Bootstrap openSAML .... ");
-      EaafOpenSaml3xInitializer.eaafInitialize();
-
-    } catch (InitializationException | ComponentInitializationException e) {
-      throw new RuntimeException(e);
-
-    }
-
-    SpringApplicationBuilder builder = new SpringApplicationBuilder();
-    builder.initializers(new MsSpecificSpringBootApplicationContextInitializer());
-    return builder;
-
-  }
-
-  protected WebApplicationContext run(SpringApplication application) {
-    WebApplicationContext internalContext = (WebApplicationContext) application.run();
-
-    // initialize status messenger
-    LogMessageProviderFactory.setStatusMessager(internalContext.getBean(IStatusMessenger.class));
-
-    log.info("Initialization of MS-specific eIDAS-Connector finished.");
-
-    return internalContext;
-  }
-
-  /**
-   * Stops SpringBoot application of MS-specific eIDAS-Implementation.
-   *
-   */
-  public static void exit() {
-    if (ctx != null) {
-      log.info("Stopping SpringBoot application ... ");
-      SpringApplication.exit(ctx, () -> 0);
-      ctx = null;
-
-    } else {
-      log.info("No SpringBoot context. Nothing todo");
-
-    }
-
-  }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java
deleted file mode 100644
index 17eb0704..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
- * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
- * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
- * compliance with the Licence. You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the Licence
- * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the Licence for the specific language governing permissions and limitations under
- * the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text file for details on the
- * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
- * works that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-package at.asitplus.eidas.specific.connector.attributes;
-
-import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME;
-import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME;
-
-import java.nio.charset.StandardCharsets;
-import java.util.Base64;
-
-import org.apache.commons.lang3.StringUtils;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata;
-
-
-@PvpMetadata
-public class AuthBlockAttributeBuilder implements IPvpAttributeBuilder {
-
-  @Override
-  public String getName() {
-    return EID_AUTHBLOCK_SIGNED_NAME;
-  }
-
-  @Override
-  public ATT build(final ISpConfiguration oaParam, final IAuthData authData,
-      final IAttributeGenerator g) throws AttributeBuilderException {
-
-    String authBlock = authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class);
-    if (StringUtils.isNotEmpty(authBlock)) {
-      return g.buildStringAttribute(EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, EID_AUTHBLOCK_SIGNED_NAME,
-          Base64.getEncoder().encodeToString(authBlock.getBytes(StandardCharsets.UTF_8)));
-
-    } else {
-      throw new UnavailableAttributeException(EID_AUTHBLOCK_SIGNED_NAME);
-    }
-
-  }
-
-  @Override
-  public ATT buildEmpty(final IAttributeGenerator g) {
-    return g.buildEmptyAttribute(EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, EID_AUTHBLOCK_SIGNED_NAME);
-  }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java
deleted file mode 100644
index 18eb74f8..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
- * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
- * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
- * compliance with the Licence. You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the Licence
- * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the Licence for the specific language governing permissions and limitations under
- * the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text file for details on the
- * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
- * works that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-package at.asitplus.eidas.specific.connector.attributes;
-
-import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME;
-import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME;
-
-import org.apache.commons.lang3.StringUtils;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata;
-
-@PvpMetadata
-public class EidasBindAttributeBuilder implements IPvpAttributeBuilder {
-
-
-  @Override
-  public String getName() {
-    return EID_EIDBIND_NAME;
-  }
-
-  @Override
-  public ATT build(final ISpConfiguration oaParam, final IAuthData authData,
-      final IAttributeGenerator g) throws AttributeBuilderException {
-
-    String eidasBind = authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class);
-    if (StringUtils.isNotEmpty(eidasBind)) {
-      return g.buildStringAttribute(EID_EIDBIND_FRIENDLY_NAME, EID_EIDBIND_NAME, eidasBind);
-
-    } else {
-      throw new UnavailableAttributeException(EID_EIDBIND_NAME);
-    }
-
-  }
-
-  @Override
-  public ATT buildEmpty(final IAttributeGenerator g) {
-    return g.buildEmptyAttribute(EID_EIDBIND_FRIENDLY_NAME, EID_EIDBIND_NAME);
-  }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java
deleted file mode 100644
index d4e97433..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.connector.builder;
-
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
-
-public class PvpSubjectNameGenerator implements ISubjectNameIdGenerator {
-
-  @Override
-  public Pair generateSubjectNameId(IAuthData authData, ISpConfiguration spConfig)
-      throws Pvp2Exception {
-    return Pair.newInstance(authData.getBpk(), authData.getBpkType());
-  }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/MsConnectorMessageSource.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/MsConnectorMessageSource.java
deleted file mode 100644
index 59df6375..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/MsConnectorMessageSource.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package at.asitplus.eidas.specific.connector.config;
-
-import java.util.Arrays;
-import java.util.List;
-
-import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
-
-/**
- * Inject eIDAS Connector specific messages into Spring based message-source.
- *
- * @author tlenz
- *
- */
-public class MsConnectorMessageSource implements IMessageSourceLocation {
-
-  @Override
-  public List getMessageSourceLocation() {
-    return Arrays.asList("classpath:/properties/messages");
-  }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java
deleted file mode 100644
index 81c37bd0..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java
+++ /dev/null
@@ -1,158 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.connector.config;
-
-import java.util.Arrays;
-import java.util.List;
-
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.saml.saml2.metadata.ContactPerson;
-import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration;
-import org.opensaml.saml.saml2.metadata.EmailAddress;
-import org.opensaml.saml.saml2.metadata.GivenName;
-import org.opensaml.saml.saml2.metadata.Organization;
-import org.opensaml.saml.saml2.metadata.OrganizationDisplayName;
-import org.opensaml.saml.saml2.metadata.OrganizationName;
-import org.opensaml.saml.saml2.metadata.OrganizationURL;
-import org.opensaml.saml.saml2.metadata.SurName;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-
-@Service("PVPEndPointConfiguration")
-public class PvpEndPointConfiguration implements IPvp2BasicConfiguration {
-  private static final Logger log = LoggerFactory.getLogger(PvpEndPointConfiguration.class);
-
-  private static final String DEFAULT_XML_LANG = "en";
-
-  @Autowired(required = true)
-  IConfiguration basicConfiguration;
-
-  @Override
-  public String getIdpEntityId(String authUrl) throws EaafException {
-    return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_METADATA;
-
-  }
-
-  @Override
-  public String getIdpSsoPostService(String authUrl) throws EaafException {
-    return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_POST;
-
-  }
-
-  @Override
-  public String getIdpSsoRedirectService(String authUrl) throws EaafException {
-    return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_REDIRECT;
-
-  }
-
-  @Override
-  public String getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException {
-    log.warn("PVP S-Profile End-Point does NOT support SOAP Binding");
-    return null;
-
-  }
-
-  @Override
-  public List getIdpContacts() throws EaafException {
-    final ContactPerson contactPerson = Saml2Utils.createSamlObject(ContactPerson.class);
-    final GivenName givenName = Saml2Utils.createSamlObject(GivenName.class);
-    final SurName surname = Saml2Utils.createSamlObject(SurName.class);
-    final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class);
-
-    givenName.setValue(getAndVerifyFromConfiguration(
-        MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME));
-    surname.setValue(getAndVerifyFromConfiguration(
-        MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME));
-    emailAddress.setURI(getAndVerifyFromConfiguration(
-        MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL));
-
-    contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL);
-    contactPerson.setGivenName(givenName);
-    contactPerson.setSurName(surname);
-    contactPerson.getEmailAddresses().add(emailAddress);
-
-    return Arrays.asList(contactPerson);
-
-  }
-
-  @Override
-  public Organization getIdpOrganisation() throws EaafException {
-    final Organization organisation = Saml2Utils.createSamlObject(Organization.class);
-    final OrganizationName orgName = Saml2Utils.createSamlObject(OrganizationName.class);
-    final OrganizationDisplayName orgDisplayName = Saml2Utils.createSamlObject(OrganizationDisplayName.class);
-    final OrganizationURL orgUrl = Saml2Utils.createSamlObject(OrganizationURL.class);
-
-    orgName.setXMLLang(DEFAULT_XML_LANG);
-    orgName.setValue(getAndVerifyFromConfiguration(
-        MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_NAME));
-
-    orgDisplayName.setXMLLang(DEFAULT_XML_LANG);
-    orgDisplayName.setValue(getAndVerifyFromConfiguration(
-        MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME));
-
-    orgUrl.setXMLLang(DEFAULT_XML_LANG);
-    orgUrl.setURI(getAndVerifyFromConfiguration(
-        MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL));
-
-
-    organisation.getOrganizationNames().add(orgName);
-    organisation.getDisplayNames().add(orgDisplayName);
-    organisation.getURLs().add(orgUrl);
-
-    return organisation;
-  }
-
-  @Override
-  public IConfiguration getBasicConfiguration() {
-    return basicConfiguration;
-  }
-
-  private String removePostFix(String url) {
-    if (url != null && url.endsWith("/")) {
-      return url.substring(0, url.length() - 1);
-    } else {
-      return url;
-    }
-  }
-
-  private String getAndVerifyFromConfiguration(String configKey) throws EaafConfigurationException {
-    final String value = basicConfiguration.getBasicConfiguration(configKey);
-    if (StringUtils.isEmpty(value)) {
-      throw new EaafConfigurationException("config.08",
-          new Object[] {configKey});
-
-    }
-
-    return value;
-  }
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java
deleted file mode 100644
index e83fd4cf..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java
+++ /dev/null
@@ -1,269 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
-*/ - -package at.asitplus.eidas.specific.connector.config; - -import java.util.Arrays; -import java.util.List; - -import org.opensaml.saml.saml2.core.Attribute; -import org.opensaml.saml.saml2.core.NameIDType; -import org.opensaml.saml.saml2.metadata.ContactPerson; -import org.opensaml.saml.saml2.metadata.Organization; -import org.opensaml.saml.saml2.metadata.RequestedAttribute; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import at.asitplus.eidas.specific.core.MsEidasNodeConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; - -public class PvpMetadataConfiguration implements IPvpMetadataBuilderConfiguration { - private static final Logger log = LoggerFactory.getLogger(PvpMetadataConfiguration.class); - - private final IConfiguration basicConfig; - private final String authUrl; - private final IPvp2CredentialProvider pvpIdpCredentials; - private final IPvp2BasicConfiguration pvpBasicConfig; - - /** - * Configuration object to create PVP2 S-Profile metadata. 
- * - * @param basicConfig Application configuration - * @param authUrl Public-URL Prefix of the application - * @param pvpBasicConfig PVP2 configuration object - * @param pvpIdpCredentials2 PVP2 credentials - */ - public PvpMetadataConfiguration(IConfiguration basicConfig, String authUrl, - IPvp2BasicConfiguration pvpBasicConfig, IPvp2CredentialProvider pvpIdpCredentials2) { - this.authUrl = authUrl; - this.pvpIdpCredentials = pvpIdpCredentials2; - this.basicConfig = basicConfig; - this.pvpBasicConfig = pvpBasicConfig; - - } - - @Override - public String getSpNameForLogging() { - return "PVP2 S-Profile IDP"; - } - - @Override - public int getMetadataValidUntil() { - return Integer.parseInt(basicConfig.getBasicConfiguration( - MsEidasNodeConstants.PROP_CONFIG_PVP2_METADATA_VALIDITY, - String.valueOf(MsEidasNodeConstants.DEFAULT_PVP_METADATA_VALIDITY))); - - } - - @Override - public boolean buildEntitiesDescriptorAsRootElement() { - return false; - - } - - @Override - public boolean buildIdpSsoDescriptor() { - return true; - - } - - @Override - public boolean buildSpSsoDescriptor() { - return false; - - } - - @Override - public String getEntityID() { - try { - return pvpBasicConfig.getIdpEntityId(authUrl); - - } catch (final EaafException e) { - log.error("Can NOT build PVP metadata configuration.", e); - throw new RuntimeException("Can NOT build PVP metadata configuration."); - - } - - } - - @Override - public String getEntityFriendlyName() { - return null; - - } - - @Override - public List getContactPersonInformation() { - try { - return pvpBasicConfig.getIdpContacts(); - - } catch (final EaafException e) { - log.error("Can NOT build PVP metadata configuration.", e); - throw new RuntimeException("Can NOT build PVP metadata configuration."); - - } - - } - - @Override - public Organization getOrgansiationInformation() { - try { - return pvpBasicConfig.getIdpOrganisation(); - - } catch (final EaafException e) { - log.error("Can NOT build PVP metadata configuration.", 
e); - throw new RuntimeException("Can NOT build PVP metadata configuration."); - - } - } - - @Override - public EaafX509Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { - return pvpIdpCredentials.getMetaDataSigningCredential(); - - } - - @Override - public EaafX509Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { - return pvpIdpCredentials.getMessageSigningCredential(); - - } - - @Override - public EaafX509Credential getEncryptionCredentials() throws CredentialsNotAvailableException { - return null; - - } - - @Override - public String getIdpWebSsoPostBindingUrl() { - try { - return pvpBasicConfig.getIdpSsoPostService(authUrl); - - } catch (final EaafException e) { - log.error("Can NOT build PVP metadata configuration.", e); - throw new RuntimeException("Can NOT build PVP metadata configuration."); - - } - - } - - @Override - public String getIdpWebSsoRedirectBindingUrl() { - try { - return pvpBasicConfig.getIdpSsoRedirectService(authUrl); - - } catch (final EaafException e) { - log.error("Can NOT build PVP metadata configuration.", e); - throw new RuntimeException("Can NOT build PVP metadata configuration."); - - } - } - - @Override - public String getIdpSloPostBindingUrl() { - return null; - - } - - @Override - public String getIdpSloRedirectBindingUrl() { - return null; - - } - - @Override - public String getSpAssertionConsumerServicePostBindingUrl() { - return null; - - } - - @Override - public String getSpAssertionConsumerServiceRedirectBindingUrl() { - return null; - - } - - @Override - public String getSpSloPostBindingUrl() { - return null; - - } - - @Override - public String getSpSloRedirectBindingUrl() { - return null; - - } - - @Override - public String getSpSloSoapBindingUrl() { - return null; - - } - - @Override - public List getIdpPossibleAttributes() { - return PvpAttributeBuilder.buildSupportedEmptyAttributes(); - - } - - @Override - public List getIdpPossibleNameIdTypes() 
{ - return Arrays.asList(NameIDType.PERSISTENT, - NameIDType.TRANSIENT, - NameIDType.UNSPECIFIED); - } - - @Override - public List getSpRequiredAttributes() { - return null; - - } - - @Override - public List getSpAllowedNameIdTypes() { - return null; - - } - - @Override - public boolean wantAssertionSigned() { - return false; - - } - - @Override - public boolean wantAuthnRequestSigned() { - return true; - - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java deleted file mode 100644 index f360185b..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java +++ /dev/null 
@@ -1,59 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.asitplus.eidas.specific.connector.controller; - -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import at.asitplus.eidas.specific.core.MsEidasNodeConstants; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; - -/** - * Default process-engine signaling controller. 
- * - * @author tlenz - * - */ -@Controller -public class ProcessEngineSignalController extends AbstractProcessEngineSignalController { - - @RequestMapping(value = { - MsEidasNodeConstants.ENDPOINT_COUNTRYSELECTION, - MsEidasNodeConstants.ENDPOINT_OTHER_LOGIN_METHOD_SELECTION, - MsEidasNodeConstants.ENDPOINT_RESIDENCY_INPUT - }, - method = { RequestMethod.POST, RequestMethod.GET }) - public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) - throws IOException, EaafException { - signalProcessManagement(req, resp); - - } -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java deleted file mode 100644 index 923864cc..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java +++ /dev/null 
@@ -1,80 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
-*/ - -package at.asitplus.eidas.specific.connector.controller; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import at.asitplus.eidas.specific.core.MsEidasNodeConstants; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.modules.pvp2.idp.impl.AbstractPvp2XProtocol; -import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PvpSProfilePendingRequest; - -@Controller -public class Pvp2SProfileEndpoint extends AbstractPvp2XProtocol { - - public static final String NAME = Pvp2SProfileEndpoint.class.getName(); - public static final String PROTOCOL_ID = "pvp2-s"; - - @RequestMapping(value = MsEidasNodeConstants.ENDPOINT_PVP_METADATA, method = { RequestMethod.POST, - RequestMethod.GET }) - public void pvpMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EaafException { - super.pvpMetadataRequest(req, resp); - - } - - @RequestMapping(value = MsEidasNodeConstants.ENDPOINT_PVP_POST, method = { RequestMethod.POST }) - public void pvpIdpPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EaafException { - super.pvpIdpPostRequest(req, resp); - - } - - @RequestMapping(value = MsEidasNodeConstants.ENDPOINT_PVP_REDIRECT, method = { RequestMethod.GET }) - public void pvpIdpRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EaafException { - super.pvpIdpRedirecttRequest(req, resp); - - } - - @Override - public String getAuthProtocolIdentifier() { - return PROTOCOL_ID; - } - - @Override - public String getName() { - return NAME; - } - - @Override - protected boolean childPreProcess(HttpServletRequest arg0, HttpServletResponse arg1, - PvpSProfilePendingRequest arg2) - throws Throwable { - return false; - } - -} 
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/health/Saml2MetadataHealthIndicator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/health/Saml2MetadataHealthIndicator.java deleted file mode 100644 index 592231b0..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/health/Saml2MetadataHealthIndicator.java +++ /dev/null @@ -1,44 +0,0 @@ -package at.asitplus.eidas.specific.connector.health; - -import javax.xml.transform.TransformerFactoryConfigurationError; - -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.actuate.health.Health; -import org.springframework.boot.actuate.health.HealthIndicator; - -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataConfigurationFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; -import lombok.Setter; -import lombok.extern.slf4j.Slf4j; - -@Slf4j -public class Saml2MetadataHealthIndicator implements HealthIndicator { - - @Autowired - private PvpMetadataBuilder metadatabuilder; - @Autowired - private IPvpMetadataConfigurationFactory configFactory; - - @Setter - private AbstractCredentialProvider pvpIdpCredentials; - - @Override - public Health health() { - try { - // build metadata - final IPvpMetadataBuilderConfiguration metadataConfig = - configFactory.generateMetadataBuilderConfiguration( - "http://localhost/monitoring", - pvpIdpCredentials); - metadatabuilder.buildPvpMetadata(metadataConfig); - return Health.up().build(); - - } catch (Exception | TransformerFactoryConfigurationError e) { - return Health.down().down(e).build(); - - } - } - -} 
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java deleted file mode 100644 index 2ec86f53..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java +++ /dev/null 
@@ -1,68 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.processes; - -import org.apache.commons.lang3.StringUtils; - -import at.asitplus.eidas.specific.core.MsEidasNodeConstants; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; - -/** - * Auth-Process selector for User's country selection. 
- * - * @author tlenz - * - */ -public class CountrySelectionProcessImpl implements AuthModule { - - @Override - public int getPriority() { - return 0; - - } - - @Override - public String selectProcess(ExecutionContext context, IRequest pendingReq) { - final Object selectedCountryObj = context.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY); - if (selectedCountryObj != null && selectedCountryObj instanceof String) { - final String selectedCountry = (String) selectedCountryObj; - if (StringUtils.isNotEmpty(selectedCountry)) { - return null; - } - - } - - return "CountrySelectionProcess"; - - } - - @Override - public String[] getProcessDefinitions() { - return new String[] { "classpath:processes/CountrySelection.process.xml" }; - - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java deleted file mode 100644 index b2c5c51d..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java +++ /dev/null 
@@ -1,83 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.asitplus.eidas.specific.connector.processes.tasks; - -import java.util.Enumeration; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Component; - -import at.asitplus.eidas.specific.core.MsEidasNodeConstants; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask; - -/** - * Evaluate the User's country selection. 
- * - * @author tlenz - * - */ -@Component("EvaluateCountrySelectionTask") -public class EvaluateCountrySelectionTask extends AbstractLocaleAuthServletTask { - private static final Logger log = LoggerFactory.getLogger(EvaluateCountrySelectionTask.class); - - @Override - public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, - HttpServletResponse response) - throws TaskExecutionException { - try { - - // set parameter execution context - final Enumeration reqParamNames = request.getParameterNames(); - while (reqParamNames.hasMoreElements()) { - final String paramName = reqParamNames.nextElement(); - if (StringUtils.isNotEmpty(paramName) - && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)) { - for (final String el : MsEidasNodeConstants.COUNTRY_SELECTION_PARAM_WHITELIST) { - if (el.equalsIgnoreCase(paramName)) { - executionContext.put(paramName, - StringEscapeUtils.escapeHtml(request.getParameter(paramName))); - } - } - } - } - - log.info("Country selection finished. Starting auth. process for country ... "); - - } catch (final Exception e) { - log.warn("EvaluateBKUSelectionTask has an internal error", e); - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - - } - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java deleted file mode 100644 index 57a4c19a..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java +++ /dev/null 
@@ -1,84 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
-*/ - -package at.asitplus.eidas.specific.connector.processes.tasks; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -import at.asitplus.eidas.specific.core.MsConnectorEventCodes; -import at.asitplus.eidas.specific.core.MsEidasNodeConstants; -import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask; - -/** - * Create country-selection page. - * - * @author tlenz - * - */ -@Component("GenerateCountrySelectionFrameTask") -public class GenerateCountrySelectionFrameTask extends AbstractLocaleAuthServletTask { - - @Autowired - ISpringMvcGuiFormBuilder guiBuilder; - @Autowired - IConfiguration basicConfig; - - - @Override - public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, - HttpServletResponse response) throws TaskExecutionException { - try { - revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.STARTING_COUNTRY_SELECTION); - - final IGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( - basicConfig, - pendingReq, - basicConfig.getBasicConfiguration( - MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_CCSELECTION, - MsEidasNodeConstants.TEMPLATE_HTML_COUNTRYSELECTION), - MsEidasNodeConstants.ENDPOINT_COUNTRYSELECTION, - resourceLoader); - - guiBuilder.build(request, response, config, "BKU-Selection form"); - - } catch (final Exception e) { - throw new 
TaskExecutionException(pendingReq, - "Can not build GUI. Msg:" + e.getMessage(), - new EaafException("gui.00", new Object[] { e.getMessage() }, e)); - - } - - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java deleted file mode 100644 index 98e88eff..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java +++ /dev/null 
@@ -1,97 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
-*/ - -package at.asitplus.eidas.specific.connector.provider; - -import org.springframework.beans.factory.annotation.Autowired; - -import at.asitplus.eidas.specific.core.MsEidasNodeConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; - -public class PvpEndPointCredentialProvider extends AbstractCredentialProvider { - - @Autowired(required = true) - IConfiguration basicConfiguration; - - @Override - public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException { - final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); - keyStoreConfig.setFriendlyName("PVP2 S-Profile EndPoint"); - keyStoreConfig.setKeyStoreType( - basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.CONFIG_PROPS_KEYSTORE_TYPE, - KeyStoreType.PKCS12.getKeyStoreType())); - keyStoreConfig.setKeyStoreName( - basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.CONFIG_PROPS_KEYSTORE_NAME)); - keyStoreConfig.setSoftKeyStoreFilePath(basicConfiguration.getBasicConfiguration( - MsEidasNodeConstants.PROP_CONFIG_PVP2_KEYSTORE_PATH)); - keyStoreConfig.setSoftKeyStorePassword( - basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_PVP2_KEYSTORE_PASSWORD)); - - keyStoreConfig.validate(); - - return keyStoreConfig; - } - - - @Override - public String getMetadataKeyAlias() { - return basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_METADATA_ALIAS); - } - - @Override - public String getMetadataKeyPassword() { - return basicConfiguration.getBasicConfiguration( - MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_METADATA_PASSWORD); - - } - - @Override - public String getSignatureKeyAlias() { - return 
basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_SIGNING_ALIAS); - - } - - @Override - public String getSignatureKeyPassword() { - return basicConfiguration.getBasicConfiguration( - MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_SIGNING_PASSWORD); - - } - - @Override - public String getEncryptionKeyAlias() { - return null; - - } - - @Override - public String getEncryptionKeyPassword() { - return null; - - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataConfigurationFactory.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataConfigurationFactory.java deleted file mode 100644 index e8bc4eb8..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataConfigurationFactory.java +++ /dev/null 
@@ -1,51 +0,0 @@ -/* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
-*/ - -package at.asitplus.eidas.specific.connector.provider; - -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -import at.asitplus.eidas.specific.connector.config.PvpMetadataConfiguration; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataConfigurationFactory; -import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; - -@Service("PVPMetadataConfigurationFactory") -public class PvpMetadataConfigurationFactory implements IPvpMetadataConfigurationFactory { - - @Autowired - private IConfiguration basicConfig; - @Autowired - private IPvp2BasicConfiguration pvpBasicConfig; - - @Override - public IPvpMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authUrl, - IPvp2CredentialProvider pvpIdpCredentials) { - return new PvpMetadataConfiguration(basicConfig, authUrl, pvpBasicConfig, pvpIdpCredentials); - - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java deleted file mode 100644 index 6161c271..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java +++ /dev/null 
@@ -1,183 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.connector.provider;
-
-import java.io.IOException;
-import java.security.KeyStore;
-import java.security.Provider;
-import java.security.cert.CertificateException;
-import java.text.MessageFormat;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.saml.metadata.resolver.MetadataResolver;
-import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
-import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
-import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
-
-@Service("PVPMetadataProvider")
-public class PvpMetadataProvider extends AbstractChainingMetadataProvider {
- private static final Logger log = LoggerFactory.getLogger(PvpMetadataProvider.class);
-
- private static final String PROVIDER_ID_PATTERN = "eIDAS resolver: {0}";
-
- @Autowired(required = true)
- IConfigurationWithSP basicConfig;
- @Autowired
- private PvpMetadataResolverFactory metadataProviderFactory;
- @Autowired
- private IHttpClientFactory httpClientFactory;
-
- @Autowired
- private EaafKeyStoreFactory keyStoreFactory;
-
-
- @Override
- protected String getMetadataUrl(String entityId) throws EaafConfigurationException {
- final ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId);
- if (spConfig != null) {
- String metadataUrl = entityId;
-
- final String metadataUrlFromConfig = spConfig.getConfigurationValue(
- MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL);
- if (StringUtils.isNotEmpty(metadataUrlFromConfig)) {
- log.debug("Use metdataURL from configuration for EntityId: " + entityId);
- metadataUrl = metadataUrlFromConfig;
-
- }
-
- return metadataUrl;
-
- } else {
- log.info("No ServiceProvider with entityId: " + entityId + " in configuration.");
- }
-
- return null;
- }
-
- @Override
- protected MetadataResolver createNewMetadataProvider(String entityId)
- throws EaafConfigurationException, IOException, CertificateException {
- final ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId);
- if (spConfig != null) {
- try {
- String metadataUrl = spConfig.getConfigurationValue(
- MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL);
- if (StringUtils.isEmpty(metadataUrl)) {
- log.debug("Use EntityId: " + entityId + " instead of explicite metadataURL ... ");
- metadataUrl = entityId;
-
- }
-
- KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
- keyStoreConfig.setFriendlyName(MessageFormat.format(PROVIDER_ID_PATTERN, entityId));
- keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
- keyStoreConfig.setSoftKeyStoreFilePath(
- spConfig.getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE));
- keyStoreConfig.setSoftKeyStorePassword(spConfig.getConfigurationValue(
- MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE_PASSWORD));
-
- keyStoreConfig.validate();
-
- Pair keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
-
- final List filterList = new ArrayList<>();
- filterList.add(new SchemaValidationFilter(true));
- filterList.add(new SimpleMetadataSignatureVerificationFilter(
- keyStore.getFirst(), entityId));
- filterList.add(new PvpEntityCategoryFilter(
- basicConfig.getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES,
- true)));
-
- final MetadataFilterChain filter = new MetadataFilterChain();
- filter.setFilters(filterList);
-
- try {
- return metadataProviderFactory.createMetadataProvider(getMetadataUrl(entityId),
- filter,
- MessageFormat.format(PROVIDER_ID_PATTERN, entityId),
- httpClientFactory.getHttpClient());
-
- } catch (final Pvp2MetadataException e) {
- log.info("Can NOT build metadata provider for entityId: {}", entityId);
- throw new EaafConfigurationException("module.eidasauth.04",
- new Object[] { entityId, e.getMessage() }, e);
-
- }
-
- } catch (final EaafException e) {
- log.info("Can NOT initialize Metadata signature-verification filter. Reason: " + e.getMessage());
- throw new EaafConfigurationException("config.27",
- new Object[] { "Can NOT initialize Metadata signature-verification filter. Reason: " + e
- .getMessage() }, e);
-
- }
-
- } else {
- log.info("No ServiceProvider with entityId: " + entityId + " in configuration.");
- }
-
- return null;
- }
-
- @Override
- protected List getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException {
- return Collections.emptyList();
- }
-
- @Override
- protected String getMetadataProviderId() {
- return "Service-provider chainging metadata provider";
-
- }
-
- @Override
- public void doDestroy() {
- this.fullyDestroy();
-
- }
-
-}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
deleted file mode 100644
index 23702264..00000000
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
+++ /dev/null
@@ -1,382 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.connector.verification;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.core.xml.XMLObject;
-import org.opensaml.saml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml.saml2.core.AuthnRequest;
-import org.opensaml.saml.saml2.core.NameIDPolicy;
-import org.opensaml.saml.saml2.core.NameIDType;
-import org.opensaml.saml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml.saml2.core.Scoping;
-import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
-import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
-import at.gv.egiz.eaaf.modules.pvp2.exception.NameIdFormatNotSupportedException;
-import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
-
-public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
-
- private static final Logger log = LoggerFactory.getLogger(AuthnRequestValidator.class);
-
- @Autowired(required = true)
- private IConfiguration basicConfig;
-
- @Override
- public void process(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq,
- SPSSODescriptor spSsoDescriptor) throws AuthnRequestValidatorException {
- try {
- // validate NameIDPolicy
- final NameIDPolicy nameIdPolicy = authnReq.getNameIDPolicy();
- if (nameIdPolicy != null) {
- final String nameIdFormat = nameIdPolicy.getFormat();
- if (nameIdFormat != null) {
- if (!(NameIDType.TRANSIENT.equals(nameIdFormat)
- || NameIDType.PERSISTENT.equals(nameIdFormat))) {
-
- throw new NameIdFormatNotSupportedException(nameIdFormat);
-
- }
-
- } else {
- log.trace("Find NameIDPolicy, but NameIDFormat is 'null'");
- }
- } else {
- log.trace("AuthnRequest includes no 'NameIDPolicy'");
- }
-
- // post-process RequesterId
- final String spEntityId = extractScopeRequsterId(authnReq);
- if (StringUtils.isEmpty(spEntityId)) {
- log.info("NO service-provider entityID in Authn. request. Stop authn. process ... ");
- throw new AuthnRequestValidatorException("pvp2.22",
- new Object[] { "NO relaying-party entityID in Authn. request" }, pendingReq);
-
- } else {
- pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, spEntityId);
- }
-
- // post-process ProviderName
- final String providerName = authnReq.getProviderName();
- if (StringUtils.isEmpty(providerName)) {
- log.info("Authn. request contains NO SP friendlyName");
- } else {
- pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_PROVIDERNAME, providerName);
- }
-
- // post-process requested LoA
- postprocessLoaLevel(pendingReq, authnReq);
-
- // post-process requested LoA comparison-level
- pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode(
- extractComparisonLevel(authnReq));
-
- // extract information from requested attributes
- extractFromRequestedAttriutes(pendingReq, authnReq);
-
- } catch (final EaafStorageException e) {
- log.info("Can NOT store Authn. Req. data into pendingRequest.", e);
- throw new AuthnRequestValidatorException("internal.02", null, e);
-
- }
-
- }
-
- private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq)
- throws AuthnRequestValidatorException, EaafStorageException {
- // validate and process requested attributes
- boolean sectorDetected = false;
-
- final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration(
- ServiceProviderConfiguration.class);
-
- if (authnReq.getExtensions() != null) {
- final List requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects();
- for (final XMLObject reqAttrObj : requestedAttributes) {
- if (reqAttrObj instanceof EaafRequestedAttributes) {
- final EaafRequestedAttributes reqAttr = (EaafRequestedAttributes) reqAttrObj;
- if (reqAttr.getAttributes() != null && reqAttr.getAttributes().size() != 0) {
- for (final EaafRequestedAttribute el : reqAttr.getAttributes()) {
- log.trace("Processing req. attribute '" + el.getName() + "' ... ");
- if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
- sectorDetected = extractBpkTargetIdentifier(el, spConfig);
-
- } else if (el.getName().equals(ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME)) {
- extractUniqueTransactionId(el, pendingReq);
-
- } else if (el.getName().equals(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME)) {
- extractBindingPublicKey(el, pendingReq);
-
- } else {
- log.debug("Ignore req. attribute: " + el.getName());
-
- }
- }
-
- } else {
- log.debug("No requested Attributes in Authn. Request");
-
- }
-
- } else {
- log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString());
-
- }
- }
- }
-
- if (!sectorDetected) {
- log.warn("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information.");
- throw new AuthnRequestValidatorException("pvp2.22", new Object[] {
- "NO or NO VALID target-sector information" });
-
- }
-
- }
-
- private void extractBindingPublicKey(EaafRequestedAttribute el, IRequest pendingReq)
- throws EaafStorageException {
- if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
- final String bindingPubKey = el.getAttributeValues().get(0).getDOM().getTextContent();
- pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey);
- log.info("Find Binding Public-Key. eIDAS authentication will be used to create an ID Austria Binding");
-
- } else {
- log.warn(
- "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute",
- el.getName());
-
- }
- }
-
- /**
- * Extract unique transactionId from AuthnRequest.
- *
- * @param el Requested attribute from AuthnRequest
- * @param pendingReq Current pendingRequest object (has to be of type
- * {@link RequestImpl})
- * @return true if transactionId extraction was successful,
- * otherwise false
- */
- private boolean extractUniqueTransactionId(EaafRequestedAttribute el, IRequest pendingReq) {
- if (!(pendingReq instanceof RequestImpl)) {
- log.warn(
- "Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}",
- RequestImpl.class.getName());
-
- } else {
- if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
- final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent();
- ((RequestImpl) pendingReq).setUniqueTransactionIdentifier(transactionId);
- log.info("Find transactionId: {} from requesting service. Replace old id: {} ",
- transactionId, TransactionIdUtils.getTransactionId());
- TransactionIdUtils.setTransactionId(transactionId);
-
- return true;
-
- } else {
- log.warn(
- "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute",
- el.getName());
-
- }
-
- }
-
- return false;
- }
-
- /**
- * Extract the bPK target from requested attribute.
- *
- * @param el Requested attribute from AuthnRequest
- * @param spConfig Service-Provider configuration for current process
- * @return true if bPK target extraction was successful, otherwise
- * false
- */
- private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el,
- ServiceProviderConfiguration spConfig) {
- if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
- final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent();
- try {
- spConfig.setBpkTargetIdentifier(sectorId);
- return true;
-
- } catch (final EaafException e) {
- log.warn("Requested sector: " + sectorId + " DOES NOT match to allowed sectors for SP: "
- + spConfig.getUniqueIdentifier());
- }
-
- } else {
- log.warn("Req. attribute '" + el.getName()
- + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute");
- }
-
- return false;
-
- }
-
- private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq)
- throws AuthnRequestValidatorException {
- final List reqLoA = extractLoA(authnReq);
- log.trace("SP requests LoA with: {}", String.join(", ", reqLoA));
-
- LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration(
- MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL,
- EaafConstants.EIDAS_LOA_HIGH));
- if (minimumLoAFromConfig == null) {
- log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default",
- EaafConstants.EIDAS_LOA_HIGH);
- minimumLoAFromConfig = LevelOfAssurance.HIGH;
-
- }
-
- log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...",
- minimumLoAFromConfig);
- final List allowedLoA = new ArrayList<>();
- for (final String loa : reqLoA) {
- try {
- final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa);
- String selectedLoA = EaafConstants.EIDAS_LOA_HIGH;
- if (intLoa != null
- && intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) {
- log.info("Client: {} requested LoA: {} will be upgraded to: {}",
- pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(),
- loa,
- minimumLoAFromConfig);
- selectedLoA = minimumLoAFromConfig.getValue();
-
- }
-
- if (!allowedLoA.contains(selectedLoA)) {
- log.debug("Allow LoA: {} for Client: {}",
- selectedLoA,
- pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
- allowedLoA.add(selectedLoA);
-
- }
-
- } catch (final IllegalArgumentException e) {
- log.warn("LoA: {} is currently NOT supported and it will be ignored.", loa);
-
- }
-
- }
-
- pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(
- allowedLoA);
-
- }
-
- private String extractComparisonLevel(AuthnRequest authnReq) {
- if (authnReq.getRequestedAuthnContext() != null) {
- final RequestedAuthnContext authContext = authnReq.getRequestedAuthnContext();
- return authContext.getComparison().toString();
-
- }
-
- return null;
- }
-
- private List extractLoA(AuthnRequest authnReq) throws AuthnRequestValidatorException {
- final List result = new ArrayList<>();
- if (authnReq.getRequestedAuthnContext() != null) {
- final RequestedAuthnContext authContext = authnReq.getRequestedAuthnContext();
- if (authContext.getComparison().equals(AuthnContextComparisonTypeEnumeration.MINIMUM)) {
- if (authContext.getAuthnContextClassRefs().isEmpty()) {
- log.debug("Authn. Req. contains no requested LoA");
-
- } else if (authContext.getAuthnContextClassRefs().size() > 1) {
- log.info("Authn. Req. contains MORE THAN ONE requested LoA, but "
- + AuthnContextComparisonTypeEnumeration.MINIMUM + " allows only one");
- throw new AuthnRequestValidatorException("pvp2.22",
- new Object[] { "Authn. Req. contains MORE THAN ONE requested LoA, but "
- + AuthnContextComparisonTypeEnumeration.MINIMUM + " allows only one" });
-
- } else {
- result.add(authContext.getAuthnContextClassRefs().get(0).getAuthnContextClassRef());
- }
-
- } else if (authContext.getComparison().equals(AuthnContextComparisonTypeEnumeration.EXACT)) {
- for (final AuthnContextClassRef el : authContext.getAuthnContextClassRefs()) {
- result.add(el.getAuthnContextClassRef());
- }
-
- } else {
- log.info("Currently only '" + AuthnContextComparisonTypeEnumeration.MINIMUM + "' and '"
- + AuthnContextComparisonTypeEnumeration.EXACT + "' are supported");
- throw new AuthnRequestValidatorException("pvp2.22",
- new Object[] { "Currently only '" + AuthnContextComparisonTypeEnumeration.MINIMUM + "' and '"
- + AuthnContextComparisonTypeEnumeration.EXACT + "' are supported" });
-
- }
-
- }
-
- return result;
- }
-
- private String extractScopeRequsterId(AuthnRequest authnReq) {
- if (authnReq.getScoping() != null) {
- final Scoping scoping = authnReq.getScoping();
- if (scoping.getRequesterIDs() != null
- && scoping.getRequesterIDs().size() > 0) {
- if (scoping.getRequesterIDs().size() == 1) {
- return scoping.getRequesterIDs().get(0).getRequesterID();
- } else {
- log.info("Authn. request contains more than on RequesterIDs! Only use first one");
- return scoping.getRequesterIDs().get(0).getRequesterID();
-
- }
- }
- }
-
- return null;
- }
-
-}
-- cgit v1.2.3