fix possible eIDAS attributes in IDP metadata

3 files changed, 103 insertions, 7 deletions

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 8471439e2..d93d739b1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -22,6 +22,16 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas;
 
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.opensaml.xml.encryption.EncryptionConstants;
+import org.opensaml.xml.signature.SignatureConstants;
+
+import eu.eidas.auth.engine.core.eidas.EidasAttributesTypes;
+import eu.eidas.auth.engine.core.validator.eidas.EIDASAttributes;
+
 /**
  * @author tlenz
  *
@@ -60,23 +70,55 @@ public class Constants {
 	public static final long CONFIG_PROPS_METADATA_GARBAGE_TIMEOUT = 7 * 24 * 60 * 60 * 1000;	//remove unused eIDAS metadata after 7 days
 		
 	//eIDAS attribute names
-	public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
-	public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
-	public static final String eIDAS_ATTR_CURRENTGIVENNAME = "CurrentGivenName";
-	public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "CurrentFamilyName";
+	public static final String eIDAS_ATTR_PERSONALIDENTIFIER = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_PERSONIDENTIFIER;
+	public static final String eIDAS_ATTR_DATEOFBIRTH = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_DATEOFBIRTH;
+	public static final String eIDAS_ATTR_CURRENTGIVENNAME = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_FIRSTNAME;
+	public static final String eIDAS_ATTR_CURRENTFAMILYNAME = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_GIVENNAME;
 		
 	//http endpoint descriptions
 	public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
 	public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/sp/redirect";
-	public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";
+	public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";	
+	public static final String eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST = "/eidas/ColleagueRequest";
 	public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect";
 	public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata";
 	
+	
 	//Event-Codes for Revisionslog
 	public static final int eIDAS_REVERSIONSLOG_METADATA = 3400;
 	public static final int eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST = 3401;
 	public static final int eIDAS_REVERSIONSLOG_IDP_AUTHRESPONSE = 3402;
 	public static final int eIDAS_REVERSIONSLOG_SP_AUTHREQUEST= 3403;
 	public static final int eIDAS_REVERSIONSLOG_SP_AUTHRESPONSE= 3404;
-	
+		
+	//metadata constants
+    public final static Map<String, EidasAttributesTypes> METADATA_POSSIBLE_ATTRIBUTES = Collections.unmodifiableMap(
+            new HashMap<String, EidasAttributesTypes>(){
+				private static final long serialVersionUID = 1L;
+				{
+                    put(EIDASAttributes.ATTRIBUTE_GIVENNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+                    put(EIDASAttributes.ATTRIBUTE_FIRSTNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+                    put(EIDASAttributes.ATTRIBUTE_DATEOFBIRTH, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+                    put(EIDASAttributes.ATTRIBUTE_PERSONIDENTIFIER, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+
+                    //TODO: add additional attributes for eIDAS with mandates
+                    //put(EIDASAttributes.ATTRIBUTE_LEGALIDENTIFIER, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
+                    //put(EIDASAttributes.ATTRIBUTE_LEGALNAME, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
+                }
+            }
+    );
+    
+    public static final String METADATA_ALLOWED_ALG_DIGIST = 
+    		SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 + ";" + 
+    		SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512 ;
+    
+    public static final String METADATA_ALLOWED_ALG_SIGN = 
+    		SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 + ";" + 
+    		SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512;
+    
+    public static final String METADATA_ALLOWED_ALG_ENCRYPT = 
+    		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM + ";" + 
+    		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM + ";" + 
+    		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM;
+    
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java
new file mode 100644
index 000000000..5837d7dbf
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import eu.eidas.auth.engine.core.ExtensionProcessorI;
+import eu.eidas.auth.engine.core.eidas.EidasExtensionProcessor;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDAsExtensionProcessor extends EidasExtensionProcessor implements ExtensionProcessorI {
+
+	/**
+	 * Add only eIDAS attributes which are supported by Austrian eIDAS node
+	 * 
+	 */
+    @Override
+    public Set<String> getSupportedAttributes(){
+        Set<String> supportedAttributes=new HashSet<String>( Constants.METADATA_POSSIBLE_ATTRIBUTES.keySet());
+       
+        return supportedAttributes;
+    }
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 8e46f0ef1..8fe44f4d6 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -26,9 +26,11 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDAsExtensionProcessor;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.ExtensionProcessorI;
 import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
 import eu.eidas.samlengineconfig.CertificateConfigurationManager;
 
@@ -51,10 +53,14 @@ public class SAMLEngineUtils {
 				EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
 							configManager);
 	
-				//set Metadata managment to eIDAS SAMLengine
+				//set metadata management to eIDAS SAMLengine
 				engine.setMetadataProcessor(
 						new MOAeIDASMetadataProviderDecorator(
 								MOAeIDASChainingMetadataProvider.getInstance()));
+	
+				//set MOA specific extension processor 
+				ExtensionProcessorI extensionProcessor = new MOAeIDAsExtensionProcessor();
+				engine.setExtensionProcessor(extensionProcessor);
 				
 				eIDASEngine = engine;