aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-03-30 13:19:37 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-03-30 13:19:37 +0200
commit8ca28920c78f58c1e1bd48bd5805a9f939f40c65 (patch)
treebc2c19421c48e02393b26a7046eab31b0d81a0fa
parentfc7b509ade0178cc322d21c045d7597fc9422685 (diff)
downloadmoa-id-spss-8ca28920c78f58c1e1bd48bd5805a9f939f40c65.tar.gz
moa-id-spss-8ca28920c78f58c1e1bd48bd5805a9f939f40c65.tar.bz2
moa-id-spss-8ca28920c78f58c1e1bd48bd5805a9f939f40c65.zip
fix possible eIDAS attributes in IDP metadata
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java54
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java48
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java8
3 files changed, 103 insertions, 7 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 8471439e2..d93d739b1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -22,6 +22,16 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.opensaml.xml.encryption.EncryptionConstants;
+import org.opensaml.xml.signature.SignatureConstants;
+
+import eu.eidas.auth.engine.core.eidas.EidasAttributesTypes;
+import eu.eidas.auth.engine.core.validator.eidas.EIDASAttributes;
+
/**
* @author tlenz
*
@@ -60,23 +70,55 @@ public class Constants {
public static final long CONFIG_PROPS_METADATA_GARBAGE_TIMEOUT = 7 * 24 * 60 * 60 * 1000; //remove unused eIDAS metadata after 7 days
//eIDAS attribute names
- public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
- public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
- public static final String eIDAS_ATTR_CURRENTGIVENNAME = "CurrentGivenName";
- public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "CurrentFamilyName";
+ public static final String eIDAS_ATTR_PERSONALIDENTIFIER = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_PERSONIDENTIFIER;
+ public static final String eIDAS_ATTR_DATEOFBIRTH = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_DATEOFBIRTH;
+ public static final String eIDAS_ATTR_CURRENTGIVENNAME = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_FIRSTNAME;
+ public static final String eIDAS_ATTR_CURRENTFAMILYNAME = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_GIVENNAME;
//http endpoint descriptions
public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/sp/redirect";
- public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";
+ public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";
+ public static final String eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST = "/eidas/ColleagueRequest";
public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect";
public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata";
+
//Event-Codes for Revisionslog
public static final int eIDAS_REVERSIONSLOG_METADATA = 3400;
public static final int eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST = 3401;
public static final int eIDAS_REVERSIONSLOG_IDP_AUTHRESPONSE = 3402;
public static final int eIDAS_REVERSIONSLOG_SP_AUTHREQUEST= 3403;
public static final int eIDAS_REVERSIONSLOG_SP_AUTHRESPONSE= 3404;
-
+
+ //metadata constants
+ public final static Map<String, EidasAttributesTypes> METADATA_POSSIBLE_ATTRIBUTES = Collections.unmodifiableMap(
+ new HashMap<String, EidasAttributesTypes>(){
+ private static final long serialVersionUID = 1L;
+ {
+ put(EIDASAttributes.ATTRIBUTE_GIVENNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+ put(EIDASAttributes.ATTRIBUTE_FIRSTNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+ put(EIDASAttributes.ATTRIBUTE_DATEOFBIRTH, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+ put(EIDASAttributes.ATTRIBUTE_PERSONIDENTIFIER, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+
+ //TODO: add additional attributes for eIDAS with mandates
+ //put(EIDASAttributes.ATTRIBUTE_LEGALIDENTIFIER, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
+ //put(EIDASAttributes.ATTRIBUTE_LEGALNAME, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
+ }
+ }
+ );
+
+ public static final String METADATA_ALLOWED_ALG_DIGIST =
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 + ";" +
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512 ;
+
+ public static final String METADATA_ALLOWED_ALG_SIGN =
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 + ";" +
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512;
+
+ public static final String METADATA_ALLOWED_ALG_ENCRYPT =
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM + ";" +
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM + ";" +
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM;
+
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java
new file mode 100644
index 000000000..5837d7dbf
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import eu.eidas.auth.engine.core.ExtensionProcessorI;
+import eu.eidas.auth.engine.core.eidas.EidasExtensionProcessor;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDAsExtensionProcessor extends EidasExtensionProcessor implements ExtensionProcessorI {
+
+ /**
+ * Add only eIDAS attributes which are supported by Austrian eIDAS node
+ *
+ */
+ @Override
+ public Set<String> getSupportedAttributes(){
+ Set<String> supportedAttributes=new HashSet<String>( Constants.METADATA_POSSIBLE_ATTRIBUTES.keySet());
+
+ return supportedAttributes;
+ }
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 8e46f0ef1..8fe44f4d6 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -26,9 +26,11 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDAsExtensionProcessor;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.logging.Logger;
import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.ExtensionProcessorI;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
import eu.eidas.samlengineconfig.CertificateConfigurationManager;
@@ -51,10 +53,14 @@ public class SAMLEngineUtils {
EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
configManager);
- //set Metadata managment to eIDAS SAMLengine
+ //set metadata management to eIDAS SAMLengine
engine.setMetadataProcessor(
new MOAeIDASMetadataProviderDecorator(
MOAeIDASChainingMetadataProvider.getInstance()));
+
+ //set MOA specific extension processor
+ ExtensionProcessorI extensionProcessor = new MOAeIDAsExtensionProcessor();
+ engine.setExtensionProcessor(extensionProcessor);
eIDASEngine = engine;