diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-10-13 13:18:11 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-10-13 13:18:11 +0200 |
commit | d703b4201def4ea55bc865da87010972d13a434e (patch) | |
tree | d9be30af066c7cf6281a15954318d40bf37131b5 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols | |
parent | 1a80e310ed77110a8757b78b750a6a000495b16f (diff) | |
download | moa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.tar.gz moa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.tar.bz2 moa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.zip |
enable mandates for eIDAS nodes
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols')
8 files changed, 30 insertions, 65 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java index a6a5f1dd4..b4846db12 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java @@ -38,7 +38,7 @@ public class EIDSourcePIN implements IPVPAttributeBuilder { public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authData.isBusinessService()) + if (authData.isBaseIDTransferRestrication()) throw new AttributePolicyException(EID_SOURCE_PIN_NAME); else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java index 1d836802a..ccaecb3b6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; @@ -37,7 +36,7 @@ public class EIDSourcePINType implements IPVPAttributeBuilder { public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authData.isBusinessService()) + if (authData.isBaseIDTransferRestrication()) throw new UnavailableAttributeException(EID_SOURCE_PIN_TYPE_NAME); else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index f4e69749c..a74ed4af5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -30,7 +30,9 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -74,24 +76,16 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui } try { - if (id.getType().equals(Constants.URN_PREFIX_BASEID)) { - - /*TODO: some updates are required if we support bPKs in eIDAS context, because - * BPKBuilder().buildWBPK only supports Austrian wbPKs - */ - if (oaParam.getBusinessService()) { - bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier()); - - } else { - bpk = new BPKBuilder().buildBPK(id.getValue().getValue(), oaParam.getTarget()); - - } - + if (id.getType().equals(Constants.URN_PREFIX_BASEID)) { + Pair<String, String> calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), + oaParam.getAreaSpecificTargetIdentifier()); + bpk = calcResult.getFirst(); + } else bpk = id.getValue().getValue(); } - catch (BuildException e) { + catch (BuildException | ConfigurationException e) { Logger.error("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java index 69a731e53..82ebbb2b5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -27,10 +27,7 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException; @@ -64,7 +61,7 @@ public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttri IdentificationType id = null; id = physicalPerson.getIdentification().get(0); - if(oaParam.getBusinessService()) { + if(authData.isBaseIDTransferRestrication()) { throw new AttributePolicyException(this.getName()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index 643e30ac9..72691a034 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -227,9 +227,9 @@ public class AttributQueryAction implements IAction { } //check next IDP service area policy. BusinessService IDPs can only request wbPKs - if (!spConfig.getBusinessService() && !idp.isIDPPublicService()) { + if (!spConfig.hasBaseIdTransferRestriction() && !idp.isIDPPublicService()) { Logger.error("Interfederated IDP " + idp.getPublicURLPrefix() - + " has a BusinessService-IDP but requests PublicService attributes."); + + " is a BusinessService-IDP but requests PublicService attributes."); throw new MOAIDException("auth.34", new Object[]{nextIDPInformation.getIdpurlprefix()}); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java index 2df72637d..4aa4f7419 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java @@ -59,7 +59,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableEx import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Constants; /** * @author tlenz @@ -70,7 +69,7 @@ public class AttributQueryBuilder { @Autowired IDPCredentialProvider credentialProvider; - public List<Attribute> buildSAML2AttributeList(IOAAuthParameters oa, Iterator<String> iterator) { + public List<Attribute> buildSAML2AttributeList(IOAAuthParameters oa, Iterator<String> iterator) throws ConfigurationException { Logger.debug("Build OA specific Attributes for AttributQuery request"); @@ -87,17 +86,13 @@ public class AttributQueryBuilder { } else { //add OA specific information if (rA.equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) { - if (oa.getBusinessService()) - attr = generator.buildStringAttribute(attr.getFriendlyName(), - attr.getName(), oa.getIdentityLinkDomainIdentifier()); - else - attr = generator.buildStringAttribute(attr.getFriendlyName(), - attr.getName(), Constants.URN_PREFIX_CDID + "+" + oa.getTarget()); + attr = generator.buildStringAttribute(attr.getFriendlyName(), + attr.getName(), oa.getAreaSpecificTargetIdentifier()); + } //TODO: add attribute values for SSO with mandates (ProfileList) - - + attrList.add(attr); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 55d8fa1ff..45539da3f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -60,11 +60,11 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBod import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; @@ -338,20 +338,8 @@ public class PVP2AssertionBuilder implements PVPConstants { } //set bPK-Type from configuration, because it MUST be equal to service-provider type - if (oaParam.getBusinessService()) { - if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) - bpktype = oaParam.getIdentityLinkDomainIdentifier(); - else - bpktype = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); - - } else { - if (oaParam.getTarget().startsWith(Constants.URN_PREFIX_CDID + "+")) - bpktype = oaParam.getTarget(); - else - bpktype = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget(); - - } - + bpktype = oaParam.getAreaSpecificTargetIdentifier(); + } else { //sourcePin is include --> check sourcePinType if (MiscUtil.isEmpty(bpktype)) @@ -365,21 +353,10 @@ public class PVP2AssertionBuilder implements PVPConstants { } - if (bpktype.equals(Constants.URN_PREFIX_BASEID)) { - if (oaParam.getBusinessService()) { - subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier())); - if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) - subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier()); - else - subjectNameID.setNameQualifier(Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier()); - - } else { - subjectNameID.setValue(new BPKBuilder().buildBPK(bpk, oaParam.getTarget())); - if (oaParam.getTarget().startsWith(Constants.URN_PREFIX_CDID + "+")) - subjectNameID.setNameQualifier(oaParam.getTarget()); - else - subjectNameID.setNameQualifier(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); - } + if (bpktype.equals(Constants.URN_PREFIX_BASEID)) { + Pair<String, String> calcbPK = new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, oaParam.getAreaSpecificTargetIdentifier()); + subjectNameID.setValue(calcbPK.getFirst()); + subjectNameID.setNameQualifier(calcbPK.getSecond()); } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 5380d7f53..ab355646c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -217,6 +217,9 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider Logger.warn("Refresh PVP2X metadata for onlineApplication: " + entityID + " FAILED.", e); + } catch (ConfigurationException e) { + Logger.warn("Refresh PVP2X metadata for onlineApplication: " + + entityID + " FAILED.", e); } return false; @@ -484,13 +487,13 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider } - private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException { + private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException { PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate); filterChain.getFilters().add(new SchemaValidationFilter()); if (oaParam.isInderfederationIDP()) { Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies"); - filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oaParam.getBusinessService())); + filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oaParam.hasBaseIdTransferRestriction())); } |