authorThomas Lenz <tlenz@iaik.tugraz.at>2017-10-13 13:18:11 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-10-13 13:18:11 +0200
commitd703b4201def4ea55bc865da87010972d13a434e (patch)
treed9be30af066c7cf6281a15954318d40bf37131b5 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth
parent1a80e310ed77110a8757b78b750a6a000495b16f (diff)
downloadmoa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.tar.gz
moa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.tar.bz2
moa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.zip
enable mandates for eIDAS nodes
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java115
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java149
3 files changed, 187 insertions, 81 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index e96169688..3d04a142e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -60,7 +60,9 @@ import java.util.Set;
import org.apache.commons.lang.SerializationUtils;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.MOAIDConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IStorkConfig;
import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters;
@@ -96,10 +98,31 @@ public class OAAuthParameter implements IOAAuthParameters, Serializable{
final public static String DEFAULT_KEYBOXIDENTIFIER = "SecureSignatureKeypair";
private Map<String, String> oaConfiguration;
+ private List<String> targetAreasWithNoInteralBaseIdRestriction = new ArrayList<String>();
+ private List<String> targetAreasWithNoBaseIdTransmissionRestriction = new ArrayList<String>();
-
- public OAAuthParameter(final Map<String, String> oa) {
+ public OAAuthParameter(final Map<String, String> oa, AuthConfiguration authConfig) {
this.oaConfiguration = oa;
+
+ //set oa specific restrictions
+ targetAreasWithNoInteralBaseIdRestriction = KeyValueUtils.getListOfCSVValues(
+ authConfig.getBasicMOAIDConfiguration(
+ CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL,
+ MOAIDAuthConstants.PREFIX_CDID));
+
+ targetAreasWithNoBaseIdTransmissionRestriction = KeyValueUtils.getListOfCSVValues(
+ authConfig.getBasicMOAIDConfiguration(
+ CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION,
+ MOAIDAuthConstants.PREFIX_CDID));
+
+ if (Logger.isTraceEnabled()) {
+ Logger.trace("Internal policy for OA: " + getPublicURLPrefix());
+ for (String el : targetAreasWithNoInteralBaseIdRestriction)
+ Logger.trace(" Allow baseID processing for prefix " + el);
+ for (String el : targetAreasWithNoBaseIdTransmissionRestriction)
+ Logger.trace(" Allow baseID transfer for prefix " + el);
+
+ }
}
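Review bot: `authConfig` is dereferenced at `authConfig.getBasicMOAIDConfiguration(...)` with no argument check, so a null passed by a caller surfaces as an anonymous NPE inside the constructor instead of naming the missing parameter; add `Objects.requireNonNull(authConfig, "authConfig");` as the first statement (java.util.Objects would need importing). The two restriction lists are also read once here from the global MOA-ID configuration, so, if I read `getBasicMOAIDConfiguration` correctly, a later change to `CONFIG_KEY_RESTRICTIONS_BASEID_*` is not seen by an already-constructed OAAuthParameter — worth a one-line comment such as `// policy snapshot taken at construction; reload the OA config to pick up changes`. If `KeyValueUtils.getListOfCSVValues` can return null for an absent key (not visible here), the trace loop and the later `startsWith` loops would NPE; normalising to an empty list here would keep the default fail-closed.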
@@ -111,12 +134,54 @@ public class OAAuthParameter implements IOAAuthParameters, Serializable{
return this.oaConfiguration.get(key);
}
+ @Override
+ public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException {
+ String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
+ for (String el : targetAreasWithNoInteralBaseIdRestriction) {
+ if (targetAreaIdentifier.startsWith(el))
+ return false;
+
+ }
+ return true;
+
+ }
+
+ @Override
+ public boolean hasBaseIdTransferRestriction() throws ConfigurationException {
+ String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
+ for (String el : targetAreasWithNoBaseIdTransmissionRestriction) {
+ if (targetAreaIdentifier.startsWith(el))
+ return false;
+
+ }
+ return true;
+
+ }
+
+ @Override
+ public String getAreaSpecificTargetIdentifier() throws ConfigurationException {
+ if (getBusinessService())
+ return getIdentityLinkDomainIdentifier();
+ else
+ return MOAIDAuthConstants.PREFIX_CDID + getTarget();
+
+ }
+
+ @Override
+ public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException{
+ if (getBusinessService())
+ return getIdentityLinkDomainIdentifierType();
+ else
+ return getTargetFriendlyName();
+
+ }
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier()
*/
-@Override
-public String getIdentityLinkDomainIdentifier() {
+//@Override
+private String getIdentityLinkDomainIdentifier() {
String type = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE);
String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE);
if (MiscUtil.isNotEmpty(type) && MiscUtil.isNotEmpty(value)) {
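Review bot: Both `hasBaseIdInternalProcessingRestriction()` and `hasBaseIdTransferRestriction()` decide with `targetAreaIdentifier.startsWith(el)`, and `startsWith("")` is always true, so a single empty element in the CSV allow-list (a trailing comma, or an empty config value if `getListOfCSVValues` does not drop blanks — not visible here) matches every target area and silently lifts the restriction for all online applications. Guard each element: `if (MiscUtil.isNotEmpty(el) && targetAreaIdentifier.startsWith(el))`. `getAreaSpecificTargetIdentifier()` can presumably also hand back null when `getIdentityLinkDomainIdentifier()` finds no type/value (its fallthrough is past the end of the hunk) or when `getTarget()` has nothing configured, which turns the policy check into an NPE rather than a deny; consider throwing a `ConfigurationException` with the OA's public URL prefix when the identifier is empty so the outcome is an explicit fail-closed. A short Javadoc on the two `has*Restriction` methods stating that a configured prefix exempts every target area identifier beginning with it would also help operators writing the allow-list.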
@@ -138,8 +203,8 @@ public String getIdentityLinkDomainIdentifier() {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType()
*/
-@Override
-public String getIdentityLinkDomainIdentifierType() {
+//@Override
+private String getIdentityLinkDomainIdentifierType() {
String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE);
if (MiscUtil.isNotEmpty(value))
return MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(value);
@@ -151,8 +216,8 @@ public String getIdentityLinkDomainIdentifierType() {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget()
*/
-@Override
-public String getTarget() {
+//@Override
+private String getTarget() {
if (Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN)))
return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET);
@@ -171,8 +236,8 @@ public String getTarget() {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTargetFriendlyName()
*/
-@Override
-public String getTargetFriendlyName() {
+//@Override
+private String getTargetFriendlyName() {
if (Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN)))
return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME);
@@ -653,8 +718,8 @@ public boolean isInterfederationSSOStorageAllowed() {
return false;
}
-public boolean isIDPPublicService() {
- return !getBusinessService();
+public boolean isIDPPublicService() throws ConfigurationException {
+ return !hasBaseIdTransferRestriction();
}
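Review bot: `isIDPPublicService()` now answers "is the OA's target area exempt from the baseID transfer restriction" rather than "is this not a business service", and the name no longer says so; callers that gate baseID release on it will behave differently after this commit. Document the new contract on the method: `/** True iff the OA's target area is exempt from the baseID transfer restriction (see hasBaseIdTransferRestriction); no longer equivalent to !getBusinessService(). @throws ConfigurationException if the target area identifier cannot be resolved */`. The added checked exception also changes the signature, so every existing caller must now handle it; none are visible in this hunk.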
@@ -740,11 +805,7 @@ public String getPublicURLPrefix() {
}
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService()
- */
-@Override
-public boolean getBusinessService() {
+private boolean getBusinessService() {
String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE);
if (MiscUtil.isNotEmpty(value))
return Boolean.parseBoolean(value);
@@ -785,16 +846,16 @@ public String getFriendlyName() {
}
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getOaType()
- */
-@Override
-public String getOaType() {
- if (getBusinessService())
- return "businessService";
- else
- return "publicService";
-}
+///* (non-Javadoc)
+// * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getOaType()
+// */
+//@Override
+//public String getOaType() {
+// if (getBusinessService())
+// return "businessService";
+// else
+// return "publicService";
+//}
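Review bot: `getOaType()` is commented out rather than deleted, and the earlier hunks leave `//@Override` markers on the now-private `getIdentityLinkDomainIdentifier`, `getIdentityLinkDomainIdentifierType`, `getTarget` and `getTargetFriendlyName`; commented-out code and dead annotations only accumulate in version control. Remove the `///* ... //}` block entirely and drop the `//@Override` lines — the history is in git if the method is ever needed again.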
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index b1fc12f26..332604257 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -412,7 +412,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
return null;
}
- return new OAAuthParameter(oa);
+ return new OAAuthParameter(oa, this);
}
/**
@@ -817,7 +817,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
public String getSSOFriendlyName() {
try {
return configuration.getStringValue(
- MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, "Default MOA-ID friendly name for SSO");
+ MOAIDConfigurationConstants.GENERAL_AUTH_SSO_SERVICENAME, "Default MOA-ID friendly name for SSO");
} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
Logger.warn("Single Sign-On FriendlyName can not be read from configuration.", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 9fd58b5c7..f3db82315 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -32,6 +32,7 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
/**
* @author tlenz
@@ -45,33 +46,84 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
private static final long serialVersionUID = 1648437815185614566L;
private String publicURLPrefix;
-
- private String businessTarget;
-
- private boolean businessService;
-
+
private boolean isInderfederationIDP;
-
private String IDPQueryURL;
- private String target;
-
+ private boolean hasBaseIdProcessingRestriction;
+ private boolean hasBaseIdTransfergRestriction;
+ private String oaTargetAreaIdentifier;
+
+
/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget()
+ * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdInternalProcessingRestriction()
*/
@Override
- public String getTarget() {
- return this.target;
+ public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException {
+ return this.hasBaseIdProcessingRestriction;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdTransferRestriction()
+ */
+ @Override
+ public boolean hasBaseIdTransferRestriction() throws ConfigurationException {
+ return this.hasBaseIdTransfergRestriction;
}
/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier()
+ * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifier()
+ */
+ @Override
+ public String getAreaSpecificTargetIdentifier() throws ConfigurationException {
+ return this.oaTargetAreaIdentifier;
+ }
+
+ /**
+ * @param hasBaseIdProcessingRestriction the hasBaseIdProcessingRestriction to set
+ */
+ public void setHasBaseIdProcessingRestriction(boolean hasBaseIdProcessingRestriction) {
+ this.hasBaseIdProcessingRestriction = hasBaseIdProcessingRestriction;
+ }
+
+ /**
+ * @param hasBaseIdTransfergRestriction the hasBaseIdTransfergRestriction to set
+ */
+ public void setHasBaseIdTransfergRestriction(boolean hasBaseIdTransfergRestriction) {
+ this.hasBaseIdTransfergRestriction = hasBaseIdTransfergRestriction;
+ }
+
+ /**
+ * @param oaTargetAreaIdentifier the oaTargetAreaIdentifier to set
+ */
+ public void setAreaSpecificTargetIdentifier(String oaTargetAreaIdentifier) {
+ this.oaTargetAreaIdentifier = oaTargetAreaIdentifier;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifierFriendlyName()
*/
@Override
- public String getIdentityLinkDomainIdentifier() {
- return this.businessTarget;
+ public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException {
+ return null;
}
+// /* (non-Javadoc)
+// * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget()
+// */
+// //@Override
+// public String getTarget() {
+// return this.target;
+// }
+//
+// /* (non-Javadoc)
+// * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier()
+// */
+// //@Override
+// public String getIdentityLinkDomainIdentifier() {
+// return this.businessTarget;
+// }
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL()
*/
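Review bot: The new `hasBaseIdProcessingRestriction` and `hasBaseIdTransfergRestriction` fields default to `false`, so a DynamicOAAuthParameters whose builder forgets to call the setters reports no restriction at all — the unsafe default for a policy flag; initialise them restrictive, `private boolean hasBaseIdProcessingRestriction = true;` and `private boolean hasBaseIdTransfergRestriction = true;`, so an unconfigured instance fails closed. The `serialVersionUID` at the top of the hunk is unchanged although three fields were removed and three added; if instances of this Serializable class are ever persisted (not visible here), an old instance deserialises with the new booleans at their default, which with the current defaults means unrestricted. `setHasBaseIdTransfergRestriction` carries a typo into a public setter name; renaming it to `setHasBaseIdTransferRestriction` now is cheaper than later. `getAreaSpecificTargetIdentifierFriendlyName()` returns null unconditionally — either return `this.oaTargetAreaIdentifier` or document that the friendly name is not available for dynamically built OAs.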
@@ -164,7 +216,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType()
*/
- @Override
+ //@Override
public String getIdentityLinkDomainIdentifierType() {
// TODO Auto-generated method stub
return null;
@@ -251,26 +303,26 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
return null;
}
- /**
- * @param isBusinessService the isBusinessService to set
- */
- public void setBusinessService(boolean isBusinessService) {
- businessService = isBusinessService;
- }
-
- /**
- * @param target the target to set
- */
- public void setTarget(String target) {
- this.target = target;
- }
-
- /**
- * @param businessTarget the businessTarget to set
- */
- public void setBusinessTarget(String businessTarget) {
- this.businessTarget = businessTarget;
- }
+// /**
+// * @param isBusinessService the isBusinessService to set
+// */
+// public void setBusinessService(boolean isBusinessService) {
+// businessService = isBusinessService;
+// }
+
+// /**
+// * @param target the target to set
+// */
+// public void setTarget(String target) {
+// this.target = target;
+// }
+//
+// /**
+// * @param businessTarget the businessTarget to set
+// */
+// public void setBusinessTarget(String businessTarget) {
+// this.businessTarget = businessTarget;
+// }
/**
* @param inderfederatedIDP the inderfederatedIDP to set
@@ -400,27 +452,18 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
return this.publicURLPrefix;
}
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getOaType()
- */
- @Override
- public String getOaType() {
- // TODO Auto-generated method stub
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService()
- */
- @Override
- public boolean getBusinessService() {
- return this.businessService;
- }
+// /* (non-Javadoc)
+// * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService()
+// */
+// //@Override
+// public boolean getBusinessService() {
+// return this.businessService;
+// }
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTargetFriendlyName()
*/
- @Override
+ //@Override
public String getTargetFriendlyName() {
// TODO Auto-generated method stub
return null;
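Review bot: `getTargetFriendlyName()` keeps a `//@Override` marker and an unconditional `return null` now that it is no longer part of `IOAAuthParameters`, and the same applies to `getIdentityLinkDomainIdentifierType()` earlier in the file; both are dead methods that nothing can reach through the interface. Delete them together with the commented-out `getBusinessService()` block above, or, if some caller still uses the concrete class (not visible here), give them a Javadoc stating that dynamic OAs carry no friendly name.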
@@ -487,4 +530,6 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
// TODO Auto-generated method stub
return false;
}
+
+
}