change STORK QAA to eIDAS LoA

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-08-16 07:08:26 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-08-16 07:08:26 +0200
commit: a60b99e926ccd5c18baa36144922a94835819777 (patch)
tree: ab19e4609c2e4e8b1cd8d449c3ad83a8665fe355
parent: a9c3d654ebd5af475c1fb634d4fb03d8499218ee (diff)
download: moa-id-spss-a60b99e926ccd5c18baa36144922a94835819777.tar.gz
moa-id-spss-a60b99e926ccd5c18baa36144922a94835819777.tar.bz2
moa-id-spss-a60b99e926ccd5c18baa36144922a94835819777.zip
22 files changed, 163 insertions, 122 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
index e71bad299..b5c996c72 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
@@ -27,6 +27,7 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.ForeignIdentities;
@@ -40,7 +41,7 @@ public class GeneralStorkConfig {
 
 	private List<CPEPS> cpepslist;
 	private List<StorkAttribute> attributes;
-	private int qaa;
+	private String qaa;
     private static final Logger log = Logger.getLogger(GeneralStorkConfig.class);
 
     private MOAIDConfiguration dbconfig = null;
@@ -91,10 +92,10 @@ public class GeneralStorkConfig {
 						}
 
 						try {
-							qaa = stork.getQualityAuthenticationAssuranceLevel();
+							qaa = stork.getGeneral_eIDAS_LOA();
 							
 						} catch(NullPointerException e) {
-							qaa = 4;
+							qaa = MOAIDConstants.eIDAS_LOA_HIGH;
 						}
 					}
 					
@@ -114,6 +115,10 @@ public class GeneralStorkConfig {
 			attributes.add(new StorkAttribute());
 	}
 
+	public List<String> getAllowedLoALevels() {
+		return MOAIDConstants.ALLOWED_eIDAS_LOA;
+	}
+    
     public List<CPEPS> getRawCPEPSList() {
     	return cpepslist;
     }
@@ -161,11 +166,11 @@ public class GeneralStorkConfig {
 		this.attributes = attributes;
 	}
 
-	public int getDefaultQaa() {
+	public String getDefaultQaa() {
 		return qaa;
 	}
 
-	public void setDefaultQaa(int qaa) {
+	public void setDefaultQaa(String qaa) {
 		this.qaa = qaa;
 	}
 }
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
index c0e1eaaf7..fb096a2a0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.log4j.Logger;
 
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
@@ -49,7 +50,7 @@ public class OASTORKConfig implements IOnlineApplicationData{
 	private static final Logger log = Logger.getLogger(OASTORKConfig.class);
 	
 	private boolean isStorkLogonEnabled = false;
-	private int qaa;
+	private String qaa;
 
 	private List<AttributeHelper> attributes = null;
 
@@ -107,14 +108,14 @@ public class OASTORKConfig implements IOnlineApplicationData{
 				setStorkLogonEnabled(config.isStorkLogonEnabled());
 
 				try {
-					setQaa(config.getQaa());
+					setQaa(config.geteIDAS_LOA());
 				} catch(NullPointerException e) {
 					// if there is no configuration available for the OA, get the default qaa level
 					try {
-						setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getQualityAuthenticationAssuranceLevel());
+						setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getGeneral_eIDAS_LOA());
 						
 					} catch (NullPointerException e1) {
-						setQaa(4);
+						setQaa(MOAIDConstants.eIDAS_LOA_HIGH);
 						
 					}
 				}
@@ -208,7 +209,7 @@ public class OASTORKConfig implements IOnlineApplicationData{
         }
         // transfer the incoming data to the database model
         stork.setStorkLogonEnabled(isStorkLogonEnabled());
-        stork.setQaa(getQaa());
+        stork.seteIDAS_LOA(getQaa());
         stork.setOAAttributes(getAttributes());
         stork.setVidpEnabled(isVidpEnabled());
         stork.setRequireConsent(isRequireConsent());
@@ -227,11 +228,11 @@ public class OASTORKConfig implements IOnlineApplicationData{
 		this.isStorkLogonEnabled = enabled;
 	}
 
-	public int getQaa() {
+	public String getQaa() {
 		return qaa;
 	}
 
-	public void setQaa(int qaa) {
+	public void setQaa(String qaa) {
 		this.qaa = qaa;
 	}
 
@@ -282,6 +283,11 @@ public class OASTORKConfig implements IOnlineApplicationData{
 		return citizenCountries;
 	}
 	
+
+	public List<String> getAllowedLoALevels() {
+		return MOAIDConstants.ALLOWED_eIDAS_LOA;
+	}
+	
 	public List<String> getEnabledCitizenCountries() {
 		return enabledCitizenCountries;
 	}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index 40e9b1a90..5e348f91b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -553,7 +553,7 @@ public class EditGeneralConfigAction extends BasicAction {
 
             try {
             	log.error("QAAAA " + storkconfig.getDefaultQaa());
-            	stork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa());
+            	stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa());
 			
 				if (storkconfig.getAttributes() != null) {
 					List<StorkAttribute> dbStorkAttr = new ArrayList<StorkAttribute>();
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index 6b5c51e3f..ed2c2f903 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -7,6 +7,7 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.log4j.Logger;
 
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
@@ -82,9 +83,9 @@ public class StorkConfigValidator {
 		}
 
 		// check qaa
-		int qaa = form.getDefaultQaa();
-		if(1 > qaa && 4 < qaa) {
-			log.warn("QAA is out of range : " + qaa);
+		String qaa = form.getDefaultQaa();
+		if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) {
+			log.warn("eIDAS LoA is not allowed : " + qaa);
 			errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
 					new Object[] {qaa}, request ));
 		}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
index 5c451c06a..6a03bf194 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
@@ -30,6 +30,7 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.log4j.Logger;
 
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig;
@@ -45,9 +46,9 @@ public class OASTORKConfigValidation {
 		List<String> errors = new ArrayList<String>();
 
 		// check qaa
-		int qaa = oageneral.getQaa();
-		if(1 > qaa && 4 < qaa) {
-			log.warn("QAA is out of range : " + qaa);
+		String qaa = oageneral.getQaa();
+		if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) {
+			log.warn("eIDAS LoA is not allowed : " + qaa);
 			errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
 					new Object[] {qaa}, request ));
 		}
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index b77097e70..ae2678c8a 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -501,7 +501,7 @@ validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig
 validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig
 validation.stork.cpeps.duplicate=L\u00E4ndercodes sind nicht eindeutig
 validation.stork.requestedattributes=STORK Attribute sind fehlerhaft. Bsp.: attr1, attr2
-validation.stork.qaa.outofrange=G\u00FCltige QAA Werte sind 1, 2, 3, und 4
+validation.stork.qaa.outofrange=Ung\u00FCltiger LoA Werte {0}
 validation.stork.attributes.empty=Es muss mindestens ein Attribut definiert sein
 validation.stork.ap.url.valid=Ung\u00FCltige AttributProvider Url
 validation.stork.ap.name.empty=Ung\u00FCltiger AttributProvider Name
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index d62ce3807..d09301dab 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -499,7 +499,7 @@ validation.stork.cpeps.empty=CPEPS configuration is incomplete
 validation.stork.cpeps.url=CPEPS URL is invalid
 validation.stork.cpeps.duplicate=Country codes are not unique
 validation.stork.requestedattributes=STORK attributes are incorrect. Example: attr1, attr2
-validation.stork.qaa.outofrange=Valid QAA values are 1, 2, 3, and 4
+validation.stork.qaa.outofrange=Not valid LoA value {0}
 validation.stork.attributes.empty=Only one attribute can be provided
 validation.stork.ap.url.valid=Invalid URL of AttributeProvider
 validation.stork.ap.name.empty=Invalid name of AttributeProvider
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
index 254418415..c54e386a2 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
@@ -277,11 +277,12 @@
 						
 						<div class="oa_config_block">
 							<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h3>
-							<s:select list="#{1:'1', 2:'2', 3:'3', 4:'4'}"
-								value="#{storkconfig.defaultQaa}"
+							<s:select list="storkconfig.allowedLoALevels"
+								value="%{storkconfig.defaultQaa}"
 								name="storkconfig.defaultQaa"
 								key="webpages.moaconfig.stork.qaa.default"
-								labelposition="left" />
+								labelposition="left" 
+								cssClass="textfield_long" />
 							<h4><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %></h4>
               <table id="stork_pepslist">
 								<tr><td>Country Shortcode</td><td style="text-align:center;">PEPS URL</td><td>Supports XMLEncryption</td></tr>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
index 78fdf8921..76c8d069b 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
@@ -14,11 +14,15 @@
 							onclick="oaStork();"
 							id="OAuseSTORKLogon" />
 						<div id="stork_block">
-							<s:select list="#{1:'1', 2:'2', 3:'3', 4:'4'}"
-								value="#{storkOA.qaa}"
+							
+							<s:select list="storkOA.allowedLoALevels"
+								value="%{storkOA.qaa}"
 								name="storkOA.qaa"
 								key="webpages.moaconfig.stork.qaa"
-								labelposition="left" />
+								labelposition="left" 
+								cssClass="textfield_long"/>
+								
+								
 							<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.enabledcpeps", request) %></h4>
 							<s:checkboxlist name="storkOA.enabledCitizenCountries" list="storkOA.availableCitizenCountries" value="storkOA.enabledCitizenCountries" />
 							<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %></h4>
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
index 8a1a2925b..6d1dafd6c 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
@@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory;
 
 import at.gv.egiz.components.configuration.api.Configuration;
 import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
@@ -185,20 +186,20 @@ public static final List<String> KEYWHITELIST;
 	
 		// check qaa		
 		try {
-			int qaa = Integer.valueOf(input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)));
-			if(1 > qaa && 4 < qaa) {
-				log.warn("QAA is out of range : " + qaa);
+			String eIDAS_LOA = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); 
+			if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(eIDAS_LOA)) {
+				log.warn("eIDAS LoA is not allowed : " + eIDAS_LOA);
 				errors.add(new ValidationObjectIdentifier(
 					MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, 
-					"STORK - QAA Level",
+					"eIDAS - LoA Level",
 					LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
-					new Object[] {qaa})));
+					new Object[] {eIDAS_LOA})));
 			}
 		} catch (Exception e) {
-			log.warn("STORK QAA can not parsed : " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA));
+			log.warn("eIDAS LoA can not parsed : " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA));
 			errors.add(new ValidationObjectIdentifier(
 				MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, 
-				"STORK - QAA Level",
+				"eIDAS - LoA Level",
 				LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
 				new Object[] {input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA)})));
 			
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
index 087334c4b..7f5e93ff9 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
@@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory;
 
 import at.gv.egiz.components.configuration.api.Configuration;
 import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
@@ -253,26 +254,15 @@ public class ServicesAuthenticationSTORKTask extends AbstractTaskValidator imple
 
 		// check qaa
 		String qaaString = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);
-		if (MiscUtil.isNotEmpty(qaaString)) {
-			try {
-				int qaa = Integer.parseInt(qaaString);
-				if(1 > qaa && 4 < qaa) {
-					log.warn("QAA is out of range : " + qaa);
-					errors.add(new ValidationObjectIdentifier(
-							MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, 
-							"STORK - minimal QAA level",
-							LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
-									new Object[] {qaa})));
-				}
-				
-			} catch (NumberFormatException e) {
-				log.warn("QAA level is not a number: " + qaaString);
+		if (MiscUtil.isNotEmpty(qaaString)) {						
+			if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaaString)) {								
+				log.warn("eIDAS-LoA is not allowed: " + qaaString);
 				errors.add(new ValidationObjectIdentifier(
 						MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, 
-						"STORK - minimal QAA level",
+						"eIDAS - LoA is not allowed",
 						LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
 								new Object[] {qaaString})));
-			}
+			}				
 		}
 							
 		if (!errors.isEmpty())
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 9f39e32cc..6a6359058 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -398,25 +398,13 @@ public boolean isOnlyMandateAllowed() {
  * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
  */
 @Override
-public Integer getQaaLevel() {
-	try {
-		Integer storkQAALevel = Integer.parseInt(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL));
-	
-	if (storkQAALevel >= 1 &&
-			storkQAALevel <= 4)
-		return storkQAALevel;
-	
-	else {
-		Logger.info("STORK minimal QAA level is not in a valid range. Use minimal QAA 4");
-		return 4;
+public String getQaaLevel() {
+		String eidasLoALevel = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);	
+		if (MiscUtil.isEmpty(eidasLoALevel))
+			return MOAIDConstants.eIDAS_LOA_HIGH;		
+		else
+			return eidasLoALevel;
 		
-	}
-	
-	} catch (NumberFormatException e) {
-		Logger.warn("STORK minimal QAA level is not a number.", e);
-		return 4;
-		
-	}
 }
 
 /* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 8d70b1444..9fd58b5c7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -201,7 +201,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
 	 */
 	@Override
-	public Integer getQaaLevel() {
+	public String getQaaLevel() {
 		// TODO Auto-generated method stub
 		return null;
 	}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
index 27744273f..6d573efe8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
@@ -63,10 +63,15 @@ public class MOAIDConstants {
     public static final List<String> ALLOWED_KEYBOXIDENTIFIER;
     public static final List<String> ALLOWED_REDIRECTTARGETNAMES;
     public static final List<String> ALLOWED_STORKATTRIBUTEPROVIDERS;
+    public static final List<String> ALLOWED_eIDAS_LOA;
     public static final List<String> JDBC_DRIVER_NEEDS_WORKAROUND;
     
     public static final String UNIQUESESSIONIDENTIFIER = "uniqueSessionIdentifier";
     
+    public static final String eIDAS_LOA_LOW = "http://eidas.europa.eu/LoA/low";
+    public static final String eIDAS_LOA_SUBSTANTIAL = "http://eidas.europa.eu/LoA/substantial";
+    public static final String eIDAS_LOA_HIGH = "http://eidas.europa.eu/LoA/high";
+    
 	static {
 		Hashtable<String, String> tmp = new Hashtable<String, String>();
 		tmp.put(IDENIFICATIONTYPE_FN, "Firmenbuchnummer");
@@ -90,6 +95,12 @@ public class MOAIDConstants {
         keyboxIDs.add(KEYBOXIDENTIFIER_CERTIFIED);        
         ALLOWED_KEYBOXIDENTIFIER = Collections.unmodifiableList(keyboxIDs);
         
+        List<String> eIDASLOA = new ArrayList<String>();
+        eIDASLOA.add(eIDAS_LOA_LOW);
+        eIDASLOA.add(eIDAS_LOA_SUBSTANTIAL);
+        eIDASLOA.add(eIDAS_LOA_HIGH);
+        ALLOWED_eIDAS_LOA = Collections.unmodifiableList(eIDASLOA); 
+        
         List<String> redirectTargets = new ArrayList<String>();
         redirectTargets.add(REDIRECTTARGET_BLANK);
         redirectTargets.add(REDIRECTTARGET_PARENT);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index be6d34275..1aea8d7b6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -152,7 +152,12 @@ public interface IOAAuthParameters {
 	 */
 	public boolean isShowStorkLogin();
 
-	public Integer getQaaLevel();
+	/**
+	 * Return the eIDAS LoA which is minimum required
+	 * 
+	 * @return eIDAS LoA as URL identifier
+	 */
+	public String getQaaLevel();
 
 	public boolean isRequireConsentForStorkAttributes();
 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index e865c4ed6..8472d7c06 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -32,6 +32,7 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
@@ -354,10 +355,11 @@ public class ConfigurationMigrationUtils {
 					else
 						result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, Boolean.FALSE.toString());
 
-					if (config.getQaa() != null)
-						result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, config.getQaa().toString());
+					if (config.geteIDAS_LOA() != null)
+						result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, config.geteIDAS_LOA());
 					else
-						result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, "4");
+						result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, 
+								MOAIDConstants.eIDAS_LOA_HIGH);
 
 					
 					// fetch vidp config					
@@ -963,7 +965,7 @@ public class ConfigurationMigrationUtils {
             // transfer the incoming data to the database model
             stork.setStorkLogonEnabled(Boolean.parseBoolean(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED)));
             if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL)))
-            	stork.setQaa(Integer.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL)));
+            	stork.seteIDAS_LOA(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL));
                         
             if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES)) 
             		&& oa.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES).equals(MOAIDConfigurationConstants.PREFIX_VIDP)) 
@@ -1468,11 +1470,11 @@ public class ConfigurationMigrationUtils {
 
 					try {
 						result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, 
-								String.valueOf(stork.getQualityAuthenticationAssuranceLevel()));
+								stork.getGeneral_eIDAS_LOA());
 						
 					} catch(NullPointerException e) {
 						result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, 
-								String.valueOf(4));
+								MOAIDConstants.eIDAS_LOA_HIGH);
 					}
 				}
 			
@@ -1715,6 +1717,12 @@ public class ConfigurationMigrationUtils {
 					
 				}
 
+				//set eIDAS default LoA from general configuration
+				String eIDASDefaultLOA = moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA);
+				if (MiscUtil.isNotEmpty(eIDASDefaultLOA))
+					stork.setGeneral_eIDAS_LOA(eIDASDefaultLOA);
+				
+					
 		           Map<String, StorkAttribute> attrMap = new HashMap<String, StorkAttribute>();
 		            Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
 		            
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java
index 397fd828b..0f76c4e63 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java
@@ -11,29 +11,21 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
-import javax.persistence.Basic;
+
 import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
 import javax.persistence.JoinTable;
 import javax.persistence.ManyToMany;
 import javax.persistence.OneToMany;
-import javax.persistence.Table;
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlTransient;
 import javax.xml.bind.annotation.XmlType;
 import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
-import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter;
+
 import org.jvnet.jaxb2_commons.lang.Equals;
 import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
 import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -43,6 +35,8 @@ import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy;
 import org.jvnet.jaxb2_commons.locator.ObjectLocator;
 import org.jvnet.jaxb2_commons.locator.util.LocatorUtils;
 
+import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter;
+
 
 /**
  * <p>Java class for anonymous complex type.
@@ -110,6 +104,9 @@ public class OASTORK
     @XmlAttribute(name = "Hjid")
     protected Long hjid;
 
+    @XmlTransient
+    protected String eIDAS_LOA = null;
+    
     /**
      * Gets the value of the storkLogonEnabled property.
      * 
@@ -162,7 +159,23 @@ public class OASTORK
         this.qaa = value;
     }
 
+    
+    
     /**
+	 * @return the eIDAS_LOA
+	 */
+	public String geteIDAS_LOA() {
+		return eIDAS_LOA;
+	}
+
+	/**
+	 * @param eIDAS_LOA the eIDAS_LOA to set
+	 */
+	public void seteIDAS_LOA(String eIDAS_LOA) {
+		this.eIDAS_LOA = eIDAS_LOA;
+	}
+
+	/**
      * Gets the value of the oaAttributes property.
      * 
      * <p>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java
index 59b300e95..bcd159702 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java
@@ -11,25 +11,18 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
-import javax.persistence.Basic;
+
 import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
 import javax.persistence.ManyToOne;
 import javax.persistence.OneToMany;
-import javax.persistence.Table;
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlTransient;
 import javax.xml.bind.annotation.XmlType;
+
 import org.jvnet.jaxb2_commons.lang.Equals;
 import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
 import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -94,6 +87,9 @@ public class STORK
     @XmlAttribute(name = "Hjid")
     protected Long hjid;
 
+    @XmlTransient
+    protected String general_eIDAS_LOA = null;
+    
     /**
      * Gets the value of the cpeps property.
      * 
@@ -257,7 +253,21 @@ public class STORK
         this.hjid = value;
     }
 
-    public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
+    /**
+	 * @return the general_eIDAS_LOA
+	 */
+	public String getGeneral_eIDAS_LOA() {
+		return general_eIDAS_LOA;
+	}
+
+	/**
+	 * @param general_eIDAS_LOA the general_eIDAS_LOA to set
+	 */
+	public void setGeneral_eIDAS_LOA(String general_eIDAS_LOA) {
+		this.general_eIDAS_LOA = general_eIDAS_LOA;
+	}
+
+	public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
         if (!(object instanceof STORK)) {
             return false;
         }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index eb32d1d12..7664eec86 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -78,7 +78,9 @@ public class Constants {
 	public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
 	public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
 	public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName";	
-	public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName";
+	public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName";	
+	public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier";
+	public static final String eIDAS_ATTR_LEGALNAME = "LegalName";
 		
 	//http endpoint descriptions
 	public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index ee71e8e6b..a3fd51c4c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -94,23 +94,25 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			//get service-provider configuration
 			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
 
-			// get target country
+			// get target and validate citizen countryCode
 			String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
 
 			if (StringUtils.isEmpty(citizenCountryCode)) {
 				// illegal state; task should not have been executed without a selected country
 				throw new AuthenticationException("eIDAS.03", new Object[] { "" });
+				
 			}
-
 			CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode);
 			if(null == cpeps) {
 				Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
 				throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode});
 			}
 			Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode);
+
+			
+			// select SingleSignOnService Endpoint from eIDAS-node metadata 
 			String destination = null;
 			String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
-
 			try {
 				EntityDescriptor eIDASNodeMetadata = eIDASMetadataProvider.getEntityDescriptor(metadataUrl);
 				if (eIDASNodeMetadata != null) {
@@ -129,10 +131,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 				Logger.warn("Load eIDAS metadata from node:" + metadataUrl + " FAILED with an error.", e);
 				
 			}
-			
-			
+
+			// load SingleSignOnService Endpoint from configuration, if Metadata contains no information
+			// FIXME convenience function for not standard conform metadata 
 			if (MiscUtil.isEmpty(destination)) {
-				destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
+				destination = cpeps.getPepsURL().toString().split(";")[1].trim(); 
 				
 				if (MiscUtil.isNotEmpty(destination))
 					Logger.debug("Use eIDAS node destination URL:" + destination + " from configuration");
@@ -189,11 +192,12 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			String issur = pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
 			authnRequestBuilder.issuer(issur);
 			authnRequestBuilder.destination(destination);
+						
+			authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);			
 			
+			//set minimum required eIDAS LoA from OA config			
+			authnRequestBuilder.levelOfAssurance(LevelOfAssurance.fromString(oaConfig.getQaaLevel()));			
 			authnRequestBuilder.levelOfAssuranceComparison(LevelOfAssuranceComparison.MINIMUM);
-			authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);			
-			//TODO: load from OA-Configuration
-			authnRequestBuilder.levelOfAssurance(LevelOfAssurance.LOW);			
 			
 			//set correct SPType for this online application
 			if (oaConfig.getBusinessService())
@@ -202,8 +206,9 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 				authnRequestBuilder.spType(SpType.PUBLIC);
 			
 			
-			//TODO: make it loadable from config
-			authnRequestBuilder.serviceProviderCountryCode("AT");
+			//set service provider (eIDAS node) countryCode 
+			authnRequestBuilder.serviceProviderCountryCode(
+					authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"));
 			
 			//set citizen country code for foreign uses
 			authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode());
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index cb91d5fa3..9fab58f94 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -350,17 +350,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
         			eIDASRespBuilder.statusMessage(e.getMessage());
      			
         		}
-     		        		
-        		if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) {
-    				String assertionConsumerUrl = MetadataUtil.getAssertionConsumerUrlFromMetadata(
-    						SAMLEngineUtils.getMetadataFetcher(),
-    						SAMLEngineUtils.getMetadataSigner(),
-    						eidasReq.getEidasRequest());
-    				
-    				//TODO: set AssertionConsumerService is required?
-    				
-    			}
-        		
+     		        		    		
         		eIDASRespBuilder.id(eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils.generateNCName());
         		eIDASRespBuilder.inResponseTo(eidasReq.getEidasRequest().getId());
         		
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index af180ff10..3affa17b3 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -265,7 +265,7 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
 	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
 	 */
 	@Override
-	public Integer getQaaLevel() {
+	public String getQaaLevel() {
 		// TODO Auto-generated method stub
 		return null;
 	}
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-08-16 07:08:26 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-08-16 07:08:26 +0200
commit	a60b99e926ccd5c18baa36144922a94835819777 (patch)
tree	ab19e4609c2e4e8b1cd8d449c3ad83a8665fe355
parent	a9c3d654ebd5af475c1fb634d4fb03d8499218ee (diff)
download	moa-id-spss-a60b99e926ccd5c18baa36144922a94835819777.tar.gz moa-id-spss-a60b99e926ccd5c18baa36144922a94835819777.tar.bz2 moa-id-spss-a60b99e926ccd5c18baa36144922a94835819777.zip