Merge branch 'eIDAS_node_2.0_tests' into huge_refactoring

# Conflicts:
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
#	id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
#	id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
#	id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
#	id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
#	id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
#	id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
#	id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
#	id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java

2 files changed, 87 insertions, 1 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index 6e374995f..b976cba9e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -82,7 +82,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 			boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
 
 			//load MOA SSO-session from database
-			AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getSSOSessionIdentifier());
+			AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
 			
 			if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) {
 				Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ...");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
new file mode 100644
index 000000000..7d9a2c28c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
@@ -0,0 +1,86 @@
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+ 
+public class UserRestrictionTask extends AbstractAuthServletTask {
+		
+	public static final String CONFIG_PROPS_SP_LIST = "configuration.restrictions.sp.entityIds";
+	public static final String CONFIG_PROPS_CSV_USER_FILE = "configuration.restrictions.sp.users.url";
+	public static final String CONFIG_PROPS_CSV_USER_SECTOR = "configuration.restrictions.sp.users.sector";
+	
+	@Autowired(required=true) UserWhitelistStore whitelist;
+	
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try {			
+			String spEntityId = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier();			
+			List<String> restrictedSPs = KeyValueUtils.getListOfCSVValues(authConfig.getBasicConfiguration(CONFIG_PROPS_SP_LIST));						
+			if (restrictedSPs.contains(spEntityId)) {
+				Logger.debug("SP:" + spEntityId + " has a user restrication. Check users bPK ... ");				
+				AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+				
+				//check if user idl is already loaded
+				if (moasession.getIdentityLink() == null) {
+					Logger.warn("PendingRequest contains NO IdentityLink. User restrictation NOT possible!");
+					throw new MOAIDException("process.03", null);
+					
+				}
+				
+				//calculate whitelist bPK for current user
+				String bpkTarget = authConfig.getBasicConfiguration(CONFIG_PROPS_CSV_USER_SECTOR);
+				if (MiscUtil.isEmpty(bpkTarget)) {
+					Logger.info("NO bPK sector for user whitelist in configuration");
+					throw new MOAIDException("config.05", new Object[] {CONFIG_PROPS_CSV_USER_SECTOR});
+					
+				}
+				
+				Pair<String, String> pseudonym = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+						moasession.getIdentityLink().getIdentificationValue(), 
+						moasession.getIdentityLink().getIdentificationType(), 
+						bpkTarget);
+				
+				
+				//check if user's bPK is whitelisted 
+				if (!whitelist.isUserbPKInWhitelistDynamic(pseudonym.getFirst())) {
+					Logger.info("User's bPK is not whitelisted. Authentication process stops ...");
+					Logger.trace("User's bPK: " + pseudonym.getFirst());
+					throw new MOAIDException("auth.35", null);
+					
+				}
+				
+				Logger.debug("User was found in whitelist. Continue authentication process ... ");
+				
+			} else
+				Logger.trace("SP: " + spEntityId + " has no user restrication.");
+			
+			
+		} catch (MOAIDException e) {
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		} catch (Exception e) {
+			Logger.warn("RestartAuthProzessManagement has an internal error", e);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		}		
+
+	}
+
+}