From 9b7b67ee1b3c00a3760e09c05fa9e65d4a4e80fa Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 24 Jul 2018 06:39:34 +0200 Subject: update countrySelectionProcess to support more than one eIDAS Nodes for different production stages. This is required, because eIDAS Ref. Impl. 2.0 and 2.1 supports only one countryCode each instance. --- .../modules/authmodule_eIDASv2/Constants.java | 1 - .../eIDASAuthenticationModulImpl.java | 5 +- .../tasks/GenerateAuthnRequestTask.java | 59 +++++++++++++++++++--- 3 files changed, 55 insertions(+), 10 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java index b1cd128f..beb3cce7 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/Constants.java @@ -11,7 +11,6 @@ import at.gv.egiz.eaaf.core.api.data.EAAFConstants; public class Constants { - public static final String EXECUTIONCONTEXT_SELECTED_COUNTRY = "selectedCountry"; public static final String DATA_REQUESTERID = "req_requesterId"; public static final String DATA_PROVIDERNAME = "req_providerName"; public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java index fef9cbfa..c41559b8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java @@ -6,6 +6,7 @@ import org.apache.commons.lang3.StringUtils; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants; /** * @author tlenz @@ -33,8 +34,8 @@ public class eIDASAuthenticationModulImpl implements AuthModule { */ @Override public String selectProcess(ExecutionContext context) { - if (StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY)) || - StringUtils.isNotBlank((String) context.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY))) + if (StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)) || + StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY))) return "eIDASAuthentication_v2"; else return null; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java index d65ce72f..e9a7a190 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java @@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eidas.specific.connector.MSConnectorEventCodes; +import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants; import at.gv.egiz.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants; import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; @@ -70,9 +71,10 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //get service-provider configuration ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); - // get target and validate citizen countryCode - String citizenCountryCode = (String) executionContext.get(Constants.EXECUTIONCONTEXT_SELECTED_COUNTRY); - + // get target, environment and validate citizen countryCode + String citizenCountryCode = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY); + String environment = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT); + if (StringUtils.isEmpty(citizenCountryCode)) { // illegal state; task should not have been executed without a selected country throw new eIDASAuthenticationException("eidas.03", new Object[] { "" }); @@ -179,6 +181,18 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } + //select forward URL regarding the selected environment + String forwardURL = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL); + if (StringUtils.isNotEmpty(environment)) + forwardURL = selectedForwardURLForEnvironment(environment); + + if (StringUtils.isEmpty(forwardURL)) { + log.warn("NO ForwardURL defined in configuration. Can NOT forward to eIDAS node! Process stops"); + throw new EAAFConfigurationException("config.08", new Object[] {Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL}); + + } + log.debug("ForwardURL: " + forwardURL + " selected to forward eIDAS request"); + if (basicConfig.getBasicConfiguration( Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD, Constants.FORWARD_METHOD_GET @@ -186,7 +200,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { log.debug("Use http-redirect for eIDAS node forwarding ... "); //send redirect - UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL)); + UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(forwardURL); redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64); response.sendRedirect(redirectUrl.build().encode().toString()); @@ -198,8 +212,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { Constants.TEMPLATE_POST_FORWARD_NAME, null); - config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT, - basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL)); + config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardURL); config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME, EidasParameterKeys.TOKEN.toString()); config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, @@ -223,7 +236,39 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } - private ImmutableAttributeMap translateToEidasAttributes(final Map requiredAttributes) { + /** + * Select a forward URL from configuration for a specific environment + *

+ * Info: This method is needed, because eIDAS Ref. Impl only supports one countrycode on each instance. + * In consequence, more than one eIDAS Ref. Impl nodes are required to support producation, testing, or QS stages + * for one country by using one ms-specific eIDAS connector + * + * @param environment Environment selector from CountrySlection page + * @return + */ + private String selectedForwardURLForEnvironment(String environment) { + log.trace("Starting endpoint selection process for environment: " + environment + " ... "); + if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION)) + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL); + + else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS)) + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS); + + else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING)) + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING); + + else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT)) + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT); + + log.info("Environment selector: " + environment + " is not supported"); + return null; + + } + + private ImmutableAttributeMap translateToEidasAttributes(final Map requiredAttributes) { ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder(); for (Map.Entry attribute : requiredAttributes.entrySet()) { final String name = attribute.getKey(); -- cgit v1.2.3