aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-02-21 15:31:18 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-02-21 15:31:18 +0100
commit3a55eb69e5fa94d0bcc43a1732850a14e524f6cc (patch)
tree050aa8e4f371280e017c71d519c49a816932b483
parent8673d715af90bb7df168f4bac9979ab48ee04e3e (diff)
downloadmoa-id-spss-3a55eb69e5fa94d0bcc43a1732850a14e524f6cc.tar.gz
moa-id-spss-3a55eb69e5fa94d0bcc43a1732850a14e524f6cc.tar.bz2
moa-id-spss-3a55eb69e5fa94d0bcc43a1732850a14e524f6cc.zip
add support of additional eIDAS attributes by using a simple configuration file
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java51
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAEidasProtocolProcesser.java13
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java7
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java33
4 files changed, 77 insertions, 27 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 369d77863..eb5adcce1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -22,14 +22,15 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
import org.apache.xml.security.signature.XMLSignature;
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.signature.SignatureConstants;
//import eu.eidas.auth.engine.core.validator.eidas.EIDASAttributes;
-import eu.eidas.auth.commons.attribute.AttributeRegistries;
-import eu.eidas.auth.commons.attribute.AttributeRegistry;
-
/**
* @author tlenz
*
@@ -61,12 +62,16 @@ public class Constants {
public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "."
+ CONIG_PROPS_EIDAS_SAMLENGINE_SIGN + ".config.file";
public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "."
- + CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
+ + CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
+ public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ATTIONAL_ATTRIBUTE_DEFINITIONS =
+ CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".attributes.addition.config";
public static final String CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE = CONIG_PROPS_EIDAS_PREFIX + ".metadata.validation.truststore";
+
public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode";
public static final String CONIG_PROPS_EIDAS_NODE_COUNTRY = CONIG_PROPS_EIDAS_NODE + ".country";
- public static final String CONIG_PROPS_EIDAS_NODE_LoA = CONIG_PROPS_EIDAS_NODE + ".LoA";
+ public static final String CONIG_PROPS_EIDAS_NODE_LoA = CONIG_PROPS_EIDAS_NODE + ".LoA";
+
//timeouts and clock skews
@@ -115,21 +120,27 @@ public class Constants {
// }
// }
// );
-
- public static final AttributeRegistry NAT_ATTR =
- AttributeRegistries.of( eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER,
- eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME,
- eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME,
- eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH
- );
-
- public static final AttributeRegistry LEGAL_ATTR =
- AttributeRegistries.of( eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER,
- eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_NAME
- );
-
- public static final AttributeRegistry MOA_IDP_ATTR_REGISTRY =
- AttributeRegistries.copyOf(NAT_ATTR, LEGAL_ATTR);
+
+ //eIDAS attributes that can be provided by MOA-ID
+ public static final List<String> MOA_IDP_SUPPORTED_eIDAS_ATTRIBUTES;
+ static {
+ List<String> supportAttrList = new ArrayList<String>();
+ //natural person attributes that can be provided by MOA-ID
+ supportAttrList.add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri().toString());
+ supportAttrList.add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri().toString());
+ supportAttrList.add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri().toString());
+ supportAttrList.add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri().toString());
+
+ //legal person attributes that can be provided by MOA-ID
+ supportAttrList.add(eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER.getNameUri().toString());
+ supportAttrList.add(eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_NAME.getNameUri().toString());
+
+ //additionl person attributes that can be provided by MOA-ID
+ //supportAttrList.add("http://ehn/attributes/ehealth/patientidentifier");
+
+ MOA_IDP_SUPPORTED_eIDAS_ATTRIBUTES = Collections.unmodifiableList(supportAttrList);
+
+ }
public static final String METADATA_ALLOWED_ALG_DIGIST =
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAEidasProtocolProcesser.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAEidasProtocolProcesser.java
index c24c5efca..8abf29703 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAEidasProtocolProcesser.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAEidasProtocolProcesser.java
@@ -22,7 +22,9 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+import eu.eidas.auth.commons.attribute.AttributeRegistry;
import eu.eidas.auth.engine.core.eidas.EidasProtocolProcessor;
+import eu.eidas.auth.engine.core.eidas.spec.EidasSpec;
import eu.eidas.auth.engine.metadata.MetadataFetcherI;
import eu.eidas.auth.engine.metadata.MetadataSignerI;
@@ -38,11 +40,14 @@ public class MOAEidasProtocolProcesser extends EidasProtocolProcessor {
private final MetadataSignerI metadataSigner;
/**
- * @param metadataFetcher
- * @param metadataSigner
+ * Build a MOA specific eIDAS-engine protocol processor
+ *
+ * @param metadataFetcher eIDAS-engine Metadata fetcher implementation
+ * @param metadataSigner eIDAS-engine Signer implementation
+ * @param addAttrDefinitions additinal eIDAS attributes
*/
- public MOAEidasProtocolProcesser(MetadataFetcherI metadataFetcher, MetadataSignerI metadataSigner) {
- super(metadataFetcher, metadataSigner);
+ public MOAEidasProtocolProcesser(MetadataFetcherI metadataFetcher, MetadataSignerI metadataSigner, AttributeRegistry addAttrDefinitions) {
+ super(EidasSpec.REGISTRY, addAttrDefinitions, metadataFetcher, metadataSigner);
this.metadataFetcher = metadataFetcher;
this.metadataSigner = metadataSigner;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
index 8faaf1874..1bebdebbf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
@@ -305,7 +305,12 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
public ImmutableSortedSet<AttributeDefinition<?>> getAllSupportedAttributes() {
ImmutableSortedSet.Builder<AttributeDefinition<?>> builder =
new ImmutableSortedSet.Builder<>(Ordering.<AttributeDefinition<?>>natural());
- builder.addAll(Constants.MOA_IDP_ATTR_REGISTRY.getAttributes());
+
+ for (String attr : Constants.MOA_IDP_SUPPORTED_eIDAS_ATTRIBUTES) {
+ AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr);
+ builder.add(supAttr);
+ }
+
return builder.build();
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 70135c06f..edbecc4a0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -23,6 +23,8 @@
package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
import java.util.HashMap;
import java.util.Map;
@@ -36,8 +38,13 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAEidasProtocolProces
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.AttributeRegistries;
+import eu.eidas.auth.commons.attribute.AttributeRegistry;
import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.auth.engine.SamlEngineSystemClock;
import eu.eidas.auth.engine.metadata.MetadataFetcherI;
@@ -62,6 +69,7 @@ public class SAMLEngineUtils {
if (eIDASEngine == null) {
try {
+
//get eIDAS SAMLengine configuration from MOA-ID configuration
CertificateConfigurationManager configManager = new MOAIDCertificateManagerConfigurationImpl();
@@ -70,12 +78,25 @@ public class SAMLEngineUtils {
//set metadata signer
metadataSigner = new MOAExtendedSWSigner(configManager);
-
+
+ //load additional eIDAS attribute definitions
+ String additionalAttributeConfigFile =
+ AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(
+ Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ATTIONAL_ATTRIBUTE_DEFINITIONS);
+ AttributeRegistry addAttrDefinitions = AttributeRegistries.empty();
+ if (MiscUtil.isNotEmpty(additionalAttributeConfigFile)) {
+ URL addAttrConfigUrl = new URL(FileUtils.makeAbsoluteURL(
+ additionalAttributeConfigFile,
+ AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()));
+ addAttrDefinitions = AttributeRegistries.fromFile(addAttrConfigUrl.getPath());
+
+ }
+
//build eIDAS SAML eninge
ProtocolEngineI engine = MOAProtocolEngineFactory.createProtocolEngine(
Constants.eIDAS_SAML_ENGINE_NAME,
configManager,
- new MOAEidasProtocolProcesser(metadataFetcher, metadataSigner),
+ new MOAEidasProtocolProcesser(metadataFetcher, metadataSigner, addAttrDefinitions),
new SamlEngineSystemClock());
//build a map with all actually supported attributes
@@ -93,6 +114,14 @@ public class SAMLEngineUtils {
Logger.error("eIDAS SAMLengine initialization FAILED!", e);
throw new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e);
+ } catch (at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException e) {
+ Logger.error("eIDAS SAMLengine initialization FAILED!", e);
+ throw new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e);
+
+ } catch (MalformedURLException e) {
+ Logger.error("eIDAS SAMLengine initialization FAILED!", e);
+ throw new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e);
+
}
}