aboutsummaryrefslogtreecommitdiff
path: root/id/server/moa-id-commons/src/main/java
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-10-13 13:18:11 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-10-13 13:18:11 +0200
commitd703b4201def4ea55bc865da87010972d13a434e (patch)
treed9be30af066c7cf6281a15954318d40bf37131b5 /id/server/moa-id-commons/src/main/java
parent1a80e310ed77110a8757b78b750a6a000495b16f (diff)
downloadmoa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.tar.gz
moa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.tar.bz2
moa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.zip
enable mandates for eIDAS nodes
Diffstat (limited to 'id/server/moa-id-commons/src/main/java')
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java5
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java14
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java62
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java1
4 files changed, 58 insertions, 24 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
index f53bfd90c..6f6735d48 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
@@ -192,9 +192,12 @@ public class MOAIDAuthConstants extends MOAIDConstants{
public static final String PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE = MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE;
//General protocol-request data-store keys
+ public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate";
+
+ @Deprecated
public static final String AUTHPROCESS_DATA_TARGET = "authProces_Target";
+ @Deprecated
public static final String AUTHPROCESS_DATA_TARGETFRIENDLYNAME = "authProces_TargetFriendlyName";
- public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate";
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
index e9f9a7e80..98f0616a5 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
@@ -28,6 +28,8 @@ import java.util.Hashtable;
import java.util.List;
import java.util.Map;
+import at.gv.egovernment.moa.util.Constants;
+
/**
* @author tlenz
*
@@ -40,9 +42,15 @@ public class MOAIDConstants {
public static final String FILE_URI_PREFIX = "file:/";
- public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+";
- public static final String PREFIX_STORK = "urn:publicid:gv.at:storkid+";
- public static final String PREFIX_EIDAS = "urn:publicid:gv.at:eidasid+";
+ public static final String PREFIX_BASEID = Constants.URN_PREFIX_BASEID;
+ public static final String PREFIX_PBK = Constants.URN_PREFIX_BPK;
+ public static final String PREFIX_HPI = Constants.URN_PREFIX_HPI;
+
+ public static final String PREFIX_CDID = Constants.URN_PREFIX_CDID + "+";
+ public static final String PREFIX_WPBK = Constants.URN_PREFIX_WBPK + "+";
+ public static final String PREFIX_STORK = Constants.URN_PREFIX_STORK + "+";
+ public static final String PREFIX_EIDAS = Constants.URN_PREFIX_EIDAS + "+";
+
public static final String IDENIFICATIONTYPE_FN = "FN";
public static final String IDENIFICATIONTYPE_ERSB = "ERSB";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index 298d3e84e..1e1bfa94b 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -31,6 +31,7 @@ import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
/**
* @author tlenz
@@ -38,6 +39,9 @@ import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
*/
public interface IOAAuthParameters {
+ public static final String CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL = "configuration.restrictions.baseID.idpProcessing";
+ public static final String CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION = "configuration.restrictions.baseID.spTransmission";
+
public static final String THIRDBKU = "thirdBKU";
public static final String HANDYBKU = "handy";
public static final String LOCALBKU = "local";
@@ -67,20 +71,52 @@ public interface IOAAuthParameters {
public String getFriendlyName();
public String getPublicURLPrefix();
-
- public String getOaType();
- public boolean getBusinessService();
+ /**
+ * Indicates if this online applications has private area restrictions that disallow baseId processing in general
+ * This restriction is evaluated from area-identifier of this online application and a policy from configuration.
+ * The configuration key 'configuration.restrictions.baseID.idpProcessing' specifies a list of comma-separated values
+ * of area-identifier prefixes that are allowed to receive a baseID. By default only the prefix
+ * 'urn:publicid:gv.at:cdid+' is allowed to receive baseIDs
+ *
+ * @return true if there is a restriction, otherwise false
+ * @throws ConfigurationException In case of online-application configuration has public and private identifies
+ */
+ public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException;
+
/**
- * Get target of a public service-provider
+ * Indicates if this online applications has private area restrictions that disallow baseId transfer to OA
+ * This restriction is evaluated from area-identifier of this online application and a policy from configuration.
+ * The configuration key 'configuration.restrictions.baseID.spTransmission' specifies a list of comma-separated values
+ * of area-identifier prefixes that are allowed to receive a baseID. By default only the prefix
+ * 'urn:publicid:gv.at:cdid+' is allowed to receive baseIDs
*
- * @return target identifier without prefix
+ * @return true if there is a restriction, otherwise false
+ * @throws ConfigurationException In case of online-application configuration has public and private identifies
*/
- public String getTarget();
+ public boolean hasBaseIdTransferRestriction() throws ConfigurationException;
- public String getTargetFriendlyName();
+ /**
+ * Get the full area-identifier for this online application to calculate the
+ * area-specific unique person identifier (bPK, wbPK, eIDAS unique identifier, ...).
+ * This identifier always contains the full prefix
+ *
+ * @return area identifier with prefix
+ * @throws ConfigurationException In case of online-application configuration has public and private identifies
+ */
+ public String getAreaSpecificTargetIdentifier() throws ConfigurationException;
+
+ /**
+ * Get a friendly name for the specific area-identifier of this online application
+ *
+ * @return fiendly name of the area-identifier
+ * @throws ConfigurationException In case of online-application configuration has public and private identifies
+ */
+ public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException;
+
+
public boolean isInderfederationIDP();
public boolean isSTORKPVPGateway();
@@ -88,13 +124,6 @@ public interface IOAAuthParameters {
public boolean isRemovePBKFromAuthBlock();
/**
- * Return the private-service domain-identifier with PreFix
- *
- * @return the identityLinkDomainIdentifier
- */
- public String getIdentityLinkDomainIdentifier();
-
- /**
* @return the keyBoxIdentifier
*/
public String getKeyBoxIdentifier();
@@ -142,11 +171,6 @@ public interface IOAAuthParameters {
*/
public List<String> getMandateProfiles();
- /**
- * @return the identityLinkDomainIdentifierType
- */
- public String getIdentityLinkDomainIdentifierType();
-
public boolean isShowMandateCheckBox();
public boolean isOnlyMandateAllowed();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
index 2a4e3b362..1d94e5da0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -454,7 +454,6 @@ public interface Constants {
/** URN prefix for context dependent id (stork). */
public static final String URN_PREFIX_STORK = URN_PREFIX + ":storkid";
- //TODO: update to eIDAS prefix
/** URN prefix for context dependent id (eIDAS). */
public static final String URN_PREFIX_EIDAS = URN_PREFIX + ":eidasid";