Merge branch 'eIDAS_node_2.0_tests' into huge_refactoring

# Conflicts:
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
#	id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
#	id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
#	id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
#	id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
#	id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
#	id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
#	id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
#	id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java

4 files changed, 213 insertions, 37 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
index 6ecba5820..a2dfeba2f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -909,6 +909,18 @@ public boolean containsConfigurationKey(String arg0) {
 	
 }
 
+@Override
+public List<String> foreignbPKSectorsRequested() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN);
+	if (MiscUtil.isNotEmpty(value))
+		return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value));
+		
+	else
+		return null;
+	
+}
+
+
 
 @Override
 public Map<String, String> getFullConfiguration() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index d5328618a..fff019ae7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -441,41 +441,42 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 		return result;
 	}
 
-	/**
-	 * Returns the {@link ConnectionParameter} for the ForeignID. NOTE: may return {@code null}.
-	 * 
-	 * @return the connection parameter.
-	 * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}.
-	 */
-	@Transactional
-	public ConnectionParameter getForeignIDConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException {
-		String serviceURL = null;
-		try {
-			//load OA specific MIS service URL if OA configuration exists
-			if (oaParameters != null)
-				serviceURL = oaParameters.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL);
-				
-			//get first entry from general configuration if no OA specific URL exists				
-			if (MiscUtil.isEmpty(serviceURL)) {
-					List<String> serviceURLs = KeyValueUtils.getListOfCSVValues(
-							configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL));
-					if (serviceURLs.size() > 0)
-						serviceURL = serviceURLs.get(0);
-										
-			}
-			
-			if (MiscUtil.isNotEmpty(serviceURL))
-				return new ConnectionParameterMandate(serviceURL, getFullConfigurationProperties(), getRootConfigFileDir());
-			
-			else
-				throw new ConfigurationException("service.09", new Object[]{"NO SZR-GW Service URL"});
-					
-		} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
-			Logger.warn("Initialize SZR-GW service connection parameters FAILED.", e);
-			throw new ConfigurationException("service.09", new Object[]{e.getMessage()}, e);
-			
-		}		
-	}
+//	/**
+//	 * Returns the {@link ConnectionParameter} for the ForeignID. NOTE: may return {@code null}.
+//	 * 
+//	 * @return the connection parameter.
+//	 * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}.
+//	 */
+//	@Transactional
+//	@Deprecated
+//	public ConnectionParameter getForeignIDConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException {
+//		String serviceURL = null;
+//		try {
+//			//load OA specific MIS service URL if OA configuration exists
+//			if (oaParameters != null)
+//				serviceURL = oaParameters.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL);
+//				
+//			//get first entry from general configuration if no OA specific URL exists				
+//			if (MiscUtil.isEmpty(serviceURL)) {
+//					List<String> serviceURLs = KeyValueUtils.getListOfCSVValues(
+//							configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL));
+//					if (serviceURLs.size() > 0)
+//						serviceURL = serviceURLs.get(0);
+//										
+//			}
+//			
+//			if (MiscUtil.isNotEmpty(serviceURL))
+//				return new ConnectionParameterMandate(serviceURL, getFullConfigurationProperties(), getRootConfigFileDir());
+//			
+//			else
+//				throw new ConfigurationException("service.09", new Object[]{"NO SZR-GW Service URL"});
+//					
+//		} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
+//			Logger.warn("Initialize SZR-GW service connection parameters FAILED.", e);
+//			throw new ConfigurationException("service.09", new Object[]{e.getMessage()}, e);
+//			
+//		}		
+//	}
 
 	/**
 	 * Returns the {@link ConnectionParameter} for the OnlineMandates. NOTE: may return {@code null}.
@@ -1056,7 +1057,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 					Logger.info("Online application with identifier " + id + " is found, but NOT active.");
 				
 			} else
-				Logger.warn("Online application with identifier " + id + " is not found.");
+				Logger.info("Online application with identifier " + id + " is not found.");
 				
 		
 		} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
@@ -1282,7 +1283,9 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 					//check AuthURL against ConfigurationURL
 					if (configuredURL.getHost().equals(requestedURL.getHost()) &&
 							configPort == authURLPort &&
-							configuredURL.getPath().equals(requestedURL.getPath())) {
+							( configuredURL.getPath().equals(requestedURL.getPath()) 
+									|| requestedURL.getPath().startsWith(configuredURL.getPath()) ) 
+							&& configuredURL.getProtocol().equals(requestedURL.getProtocol()) ) {
 						Logger.debug("Select configurated PublicURLPrefix: " + configuredURL 
 								+ " for authURL: " + requestedURL);
 						resultURL = configuredURL;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 86235a26d..390b77dab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -533,6 +533,13 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 		return false;
 	}
 
+
+	@Override
+	public List<String> foreignbPKSectorsRequested() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 	@Override
 	public boolean containsConfigurationKey(String arg0) {
 		// TODO Auto-generated method stub
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
new file mode 100644
index 000000000..9c296e2b8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
@@ -0,0 +1,154 @@
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.io.IOUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.Logger;
+
+@Service("UserWhiteList_Store")
+public class UserWhitelistStore {
+
+	@Autowired(required=true) AuthConfiguration authConfig;
+	
+	private List<String> whitelist = new ArrayList<String>();
+	private String absWhiteListUrl = null;
+	
+	@PostConstruct
+	private void initialize() {
+		String whiteListUrl = authConfig.getBasicConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE);
+		String internalTarget = authConfig.getBasicConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_SECTOR);		
+		if (MiscUtil.isEmpty(whiteListUrl) || MiscUtil.isEmpty(internalTarget)) 
+			Logger.debug("Do not initialize user whitelist. Reason: NO configuration path to CSV file or NO internal bPK target for whitelist");
+		
+		else {
+			if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_CDID))
+				internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_CDID.length());			
+			else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_WPBK))
+				internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_WPBK.length());
+			else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_EIDAS))
+				internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_EIDAS.length());
+			else {
+				Logger.warn("Sector: " + internalTarget + " is NOT supported for user whitelist.");
+				Logger.info("User whitelist-store MAY NOT contains all user from whitelist");
+			}
+			
+			try {				
+				absWhiteListUrl = new URL(FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getConfigurationRootDirectory()))
+											.toURI().toString().substring("file:".length());						
+				InputStream is = new FileInputStream(new File(absWhiteListUrl));
+				String whiteListString = IOUtils.toString(new InputStreamReader(is));
+				List<String> preWhitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString));
+				
+				
+				
+				//remove prefix if required
+				for (String bPK : preWhitelist) {
+					String[] bPKSplit = bPK.split(":");
+					if (bPKSplit.length == 1)
+						whitelist.add(bPK);
+					
+					else if (bPKSplit.length ==2 ) {
+						if (internalTarget.equals(bPKSplit[0]))
+							whitelist.add(bPKSplit[1]);
+						else
+							Logger.info("Whitelist entry: " + bPK + " has an unsupported target. Entry will be removed ...");
+						
+					} else
+						Logger.info("Whitelist entry: " + bPK + " has an unsupported format. Entry will be removed ...");
+						
+				}
+				
+				Logger.info("User whitelist is initialized with " + whitelist.size() + " entries.");
+					
+				 
+			} catch (FileNotFoundException e) {
+				Logger.warn("Do not initialize user whitelist. Reason: CSV file with bPKs NOT found", e);
+
+			} catch (IOException e) {
+				Logger.warn("Do not initialize user whitelist. Reason: CSV file is NOT readable", e);
+				
+			} catch (URISyntaxException e) {
+				Logger.warn("Do not initialize user whitelist. Reason: CSV file looks wrong", e);
+				
+			}
+			
+		}
+		
+	}
+	
+	/**
+	 * Get the number of entries of the static whitelist
+	 * 
+	 * @return
+	 */
+	public int getNumberOfEntries() {
+		return whitelist.size();
+	}
+	
+	/**
+	 * Check if bPK is in whitelist
+	 * 
+	 * @param bPK
+	 * @return true if bPK is in whitelist, otherwise false
+	 */
+	public boolean isUserbPKInWhitelist(String bPK) {
+		if (whitelist != null)
+			return whitelist.contains(bPK);
+		else
+			return false;
+		
+	}
+	
+	public boolean isUserbPKInWhitelistDynamic(String bPK) {
+		return isUserbPKInWhitelistDynamic(bPK, false);
+		
+	}
+	
+	public boolean isUserbPKInWhitelistDynamic(String bPK, boolean onlyDynamic) {
+		try {
+			if (absWhiteListUrl != null) {
+				InputStream is = new FileInputStream(new File(absWhiteListUrl));
+				String whiteListString = IOUtils.toString(new InputStreamReader(is));
+				if (whiteListString != null && whiteListString.contains(bPK)) {
+					Logger.trace("Find user with dynamic whitelist check");
+					return true;
+							
+				} else {
+					Logger.debug("Can NOT find user in dynamic loaded user whitelist. Switch to static version ... ");
+					if (!onlyDynamic)
+						return isUserbPKInWhitelist(bPK);
+				}
+			
+			}
+		} catch (Exception e) {
+			Logger.warn("Dynamic user whitelist check FAILED. Switch to static version ... ", e);
+			
+		}
+		if (!onlyDynamic)
+			return isUserbPKInWhitelist(bPK);
+		
+
+		return false;
+	}
+	
+}