Merge branch 'eIDAS_node_implementation' into development_preview

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2017-10-17 15:04:49 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2017-10-17 15:04:49 +0200
commit: 92834aed9d97772a0d37330b9c60aee18374c759 (patch)
tree: 30adff7052c6eca919aed447a9640522b2c94c3d /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
parent: 698a0066e84dee07f0f8de8aa408d9744f755660 (diff)
parent: 7c5d84f1f4054d2c85207364d5d996c4ec6fe1f8 (diff)
download: moa-id-spss-92834aed9d97772a0d37330b9c60aee18374c759.tar.gz
moa-id-spss-92834aed9d97772a0d37330b9c60aee18374c759.tar.bz2
moa-id-spss-92834aed9d97772a0d37330b9c60aee18374c759.zip
1 files changed, 98 insertions, 32 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 6a6359058..3d04a142e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -60,7 +60,9 @@ import java.util.Set;
 import org.apache.commons.lang.SerializationUtils;
 
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.IStorkConfig;
 import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters;
@@ -96,10 +98,31 @@ public class OAAuthParameter implements IOAAuthParameters, Serializable{
 	final public static String DEFAULT_KEYBOXIDENTIFIER = "SecureSignatureKeypair";
 	
 	private Map<String, String> oaConfiguration;
+	private List<String> targetAreasWithNoInteralBaseIdRestriction = new ArrayList<String>();
+	private List<String> targetAreasWithNoBaseIdTransmissionRestriction = new ArrayList<String>();		
 		
-		
-  public OAAuthParameter(final Map<String, String> oa) {	  
+  public OAAuthParameter(final Map<String, String> oa, AuthConfiguration authConfig) {	  
 	  this.oaConfiguration = oa;
+	  
+	  //set oa specific restrictions
+	  targetAreasWithNoInteralBaseIdRestriction = KeyValueUtils.getListOfCSVValues(
+			  authConfig.getBasicMOAIDConfiguration(
+					  CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL, 
+					  MOAIDAuthConstants.PREFIX_CDID));
+	  
+	  targetAreasWithNoBaseIdTransmissionRestriction = KeyValueUtils.getListOfCSVValues(
+			  authConfig.getBasicMOAIDConfiguration(
+					  CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION, 
+					  MOAIDAuthConstants.PREFIX_CDID));
+	  
+	  if (Logger.isTraceEnabled()) {
+		  Logger.trace("Internal policy for OA: " + getPublicURLPrefix());
+		  for (String el : targetAreasWithNoInteralBaseIdRestriction)
+			  Logger.trace(" Allow baseID processing for prefix " + el);		  
+		  for (String el : targetAreasWithNoBaseIdTransmissionRestriction)
+			  Logger.trace(" Allow baseID transfer for prefix " + el);
+		  		  
+	  }
   }
 
   
@@ -111,12 +134,54 @@ public class OAAuthParameter implements IOAAuthParameters, Serializable{
 	  return this.oaConfiguration.get(key);
   }
   
+  @Override
+  public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException {
+	  String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
+	  for (String el : targetAreasWithNoInteralBaseIdRestriction) {
+		  if (targetAreaIdentifier.startsWith(el))
+			  return false;
+		  
+	  }	  
+	  return true;
+	  
+  }
+
+  @Override
+  public boolean hasBaseIdTransferRestriction() throws ConfigurationException {
+	  String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
+	  for (String el : targetAreasWithNoBaseIdTransmissionRestriction) {
+		  if (targetAreaIdentifier.startsWith(el))
+			  return false;
+		  
+	  }	  
+	  return true;
+	  
+  }
+    
+  @Override
+  public String getAreaSpecificTargetIdentifier() throws ConfigurationException {	  
+	  if (getBusinessService())
+		  return getIdentityLinkDomainIdentifier();
+	  else
+		  return MOAIDAuthConstants.PREFIX_CDID + getTarget();
+	  		  
+  }
+  
+  @Override
+  public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException{
+	  if (getBusinessService())
+		  return getIdentityLinkDomainIdentifierType();
+	  else
+		  return getTargetFriendlyName();
+	  
+  }
+  
   
 /* (non-Javadoc)
  * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier()
  */
-@Override
-public String getIdentityLinkDomainIdentifier() {
+//@Override
+private String getIdentityLinkDomainIdentifier() {
 	String type = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE);
 	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE);
 	if (MiscUtil.isNotEmpty(type) && MiscUtil.isNotEmpty(value)) {
@@ -138,8 +203,8 @@ public String getIdentityLinkDomainIdentifier() {
 /* (non-Javadoc)
  * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType()
  */
-@Override
-public String getIdentityLinkDomainIdentifierType() {
+//@Override
+private String getIdentityLinkDomainIdentifierType() {
 	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE);
 	if (MiscUtil.isNotEmpty(value))
 		return MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(value);
@@ -151,8 +216,8 @@ public String getIdentityLinkDomainIdentifierType() {
 /* (non-Javadoc)
  * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget()
  */
-@Override
-public String getTarget() {
+//@Override
+private String getTarget() {
 	if (Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN)))
 		return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET);
 		
@@ -171,8 +236,8 @@ public String getTarget() {
 /* (non-Javadoc)
  * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTargetFriendlyName()
  */
-@Override
-public String getTargetFriendlyName() {
+//@Override
+private String getTargetFriendlyName() {
 	if (Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN)))
 		return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME);
 		
@@ -265,8 +330,8 @@ public String getKeyBoxIdentifier() {
 	 */
 	@Override
 	public String getBKUURL(String bkutype) {
-		if (bkutype.equals(ONLINEBKU)) {
-			return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE);
+		if (bkutype.equals(THIRDBKU)) {
+			return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD);
 			
 		} else if (bkutype.equals(HANDYBKU)) {
 			return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY);
@@ -274,10 +339,15 @@ public String getKeyBoxIdentifier() {
 		} else if (bkutype.equals(LOCALBKU)) {
 			return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL);
 			
+		} else if (bkutype.equals(ONLINEBKU)) {
+			return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD);
+			
 		}
+		
+		
 			
 		Logger.warn("BKU Type does not match: " 
-				+ ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU);
+				+ THIRDBKU + " or " + HANDYBKU + " or " + LOCALBKU);
 		return null;
 	}
 	
@@ -288,8 +358,8 @@ public String getKeyBoxIdentifier() {
 	public List<String> getBKUURL() {		
 		List<String> list = new ArrayList<String>();
 	
-		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE))
-			list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE));
+		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD))
+			list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD));
 		
 		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY))
 			list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY));
@@ -648,8 +718,8 @@ public boolean isInterfederationSSOStorageAllowed() {
 		return false;		
 }
 
-public boolean isIDPPublicService() {
-	return !getBusinessService();
+public boolean isIDPPublicService() throws ConfigurationException {
+	return !hasBaseIdTransferRestriction();
 	
 }
 
@@ -735,11 +805,7 @@ public String getPublicURLPrefix() {
 }
 
 
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService()
- */
-@Override
-public boolean getBusinessService() {
+private boolean getBusinessService() {
 	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE);
 	if (MiscUtil.isNotEmpty(value))
 		return Boolean.parseBoolean(value);	
@@ -780,16 +846,16 @@ public String getFriendlyName() {
 }
 
 
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getOaType()
- */
-@Override
-public String getOaType() {
-	if (getBusinessService())
-		return "businessService";
-	else
-		return "publicService";
-}
+///* (non-Javadoc)
+// * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getOaType()
+// */
+//@Override
+//public String getOaType() {
+//	if (getBusinessService())
+//		return "businessService";
+//	else
+//		return "publicService";
+//}
 
 
 /**
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2017-10-17 15:04:49 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2017-10-17 15:04:49 +0200
commit	92834aed9d97772a0d37330b9c60aee18374c759 (patch)
tree	30adff7052c6eca919aed447a9640522b2c94c3d /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
parent	698a0066e84dee07f0f8de8aa408d9744f755660 (diff)
parent	7c5d84f1f4054d2c85207364d5d996c4ec6fe1f8 (diff)
download	moa-id-spss-92834aed9d97772a0d37330b9c60aee18374c759.tar.gz moa-id-spss-92834aed9d97772a0d37330b9c60aee18374c759.tar.bz2 moa-id-spss-92834aed9d97772a0d37330b9c60aee18374c759.zip