aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-02-09 15:35:15 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-02-09 15:35:15 +0100
commit3d6692ef16835b4ceeae3d3e85ea3bce053ab1a4 (patch)
tree06094019076da7cf85f1b56130a5c4c318d77ac6 /id/server/idserverlib
parentdd88bbb1a644575395a03dcd757c0e3174914724 (diff)
downloadmoa-id-spss-3d6692ef16835b4ceeae3d3e85ea3bce053ab1a4.tar.gz
moa-id-spss-3d6692ef16835b4ceeae3d3e85ea3bce053ab1a4.tar.bz2
moa-id-spss-3d6692ef16835b4ceeae3d3e85ea3bce053ab1a4.zip
add additional validation steps in eIDAS message processing
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java2
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties1
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties1
4 files changed, 17 insertions, 12 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 3264fc3bd..cad3354f5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -71,7 +71,6 @@ import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
@@ -1105,16 +1104,20 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
String baseID = authData.getIdentificationValue();
String baseIDType = authData.getIdentificationType();
-
- String eIDASOutboundCountry = pendingReq.getGenericData(RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, String.class);
-
- //TODO: maybe find a better solution
- String cititzenCountryCode =
- authConfig.getBasicMOAIDConfiguration("moa.id.protocols.eIDAS.node.countrycode",
- MOAIDAuthConstants.COUNTRYCODE_AUSTRIA);
-
- if (Constants.URN_PREFIX_BASEID.equals(baseIDType)) {
- if (MiscUtil.isNotEmpty(eIDASOutboundCountry) && !cititzenCountryCode.equals(eIDASOutboundCountry)) {
+
+ if (Constants.URN_PREFIX_BASEID.equals(baseIDType)) {
+ //Calculate eIDAS identifier
+ if (oaParam.getBusinessService() &&
+ oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_EIDAS)) {
+ String[] splittedTarget = oaParam.getIdentityLinkDomainIdentifier().split("\\+");
+ String cititzenCountryCode = splittedTarget[1];
+ String eIDASOutboundCountry = splittedTarget[2];
+
+ if (cititzenCountryCode.equalsIgnoreCase(eIDASOutboundCountry)) {
+ Logger.warn("Suspect configuration FOUND!!! CitizenCountry equals DestinationCountry");
+
+ }
+
Pair<String, String> eIDASID = new BPKBuilder().buildeIDASIdentifer(baseIDType, baseID,
cititzenCountryCode, eIDASOutboundCountry);
Logger.debug("Authenticate user with bPK:" + eIDASID.getFirst() + " Type:" + eIDASID.getSecond());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index b612352c6..b87574d52 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -61,7 +61,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
public static final String DATAID_REQUESTER_IP_ADDRESS = "requesterIP";
- public static final String eIDAS_GENERIC_REQ_DATA_COUNTRY = "country";
+// public static final String eIDAS_GENERIC_REQ_DATA_COUNTRY = "country";
public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA";
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 79dc11f34..1a2f0d1d3 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -272,6 +272,7 @@ eIDAS.12=Received eIDAS AuthnRequest is not valid. Reason:{0}
eIDAS.13=Generation of eIDAS Response FAILED. Reason:{0}
eIDAS.14=eIDAS Response validation FAILED: LevelOfAssurance {0} is to low.
eIDAS.15=Generation of eIDAS Response FAILED. Required attribute: {0} is NOT available.
+eIDAS.16=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1}.
pvp2.01=Fehler beim kodieren der PVP2 Antwort
pvp2.02=Ungueltiges Datumsformat
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 8d6c77831..c6d0844ce 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -229,6 +229,7 @@ eIDAS.12=1305
eIDAS.13=1307
eIDAS.14=1301
eIDAS.15=1307
+eIDAS.16=1301
pvp2.01=6100
pvp2.06=6100