aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-AT_eIDAS_connector/src
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2018-07-12 16:16:29 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2018-07-12 16:16:29 +0200
commit132681b9f3e00158b1671f50b23517462aa54afd (patch)
treecda5e6b321a44fbb54a959693a4afe71eb25bd6a /id/server/modules/moa-id-module-AT_eIDAS_connector/src
parent3535ae9500b29d0b2d0f317ea7f47a6c25c6f70e (diff)
parent3b1130e2366138871a92a1f83124a27fa83885dd (diff)
downloadmoa-id-spss-132681b9f3e00158b1671f50b23517462aa54afd.tar.gz
moa-id-spss-132681b9f3e00158b1671f50b23517462aa54afd.tar.bz2
moa-id-spss-132681b9f3e00158b1671f50b23517462aa54afd.zip
Merge branch 'eIDAS_node_2.0_tests' into huge_refactoring
# Conflicts: # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java # id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml # id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java # id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java # id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java # id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java # id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java # id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java # id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java # id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java # id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java # id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java # id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
Diffstat (limited to 'id/server/modules/moa-id-module-AT_eIDAS_connector/src')
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java1
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java37
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java40
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java8
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml4
5 files changed, 70 insertions, 20 deletions
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
index 0f4f81122..19950a078 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
@@ -77,6 +77,7 @@ public class EidasCentralAuthConstants {
add(Trible.newInstance(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true));
add(Trible.newInstance(PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true));
add(Trible.newInstance(PVPConstants.EID_ISSUING_NATION_NAME, PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME, true));
+ add(Trible.newInstance(PVPConstants.EID_IDENTITY_LINK_NAME, PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME, false));
}
});
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
index f1bec9dac..821a200c7 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
@@ -42,6 +42,8 @@ public class EidasCentralAuthModuleImpl implements AuthModule {
@Autowired(required=true) private AuthenticationManager authManager;
+ private int priority = 0;
+
@PostConstruct
protected void initalCentralEidasAuthentication() {
//parameter to whiteList
@@ -55,8 +57,7 @@ public class EidasCentralAuthModuleImpl implements AuthModule {
*/
@Override
public int getPriority() {
- // TODO Auto-generated method stub
- return 0;
+ return priority;
}
/* (non-Javadoc)
@@ -65,20 +66,23 @@ public class EidasCentralAuthModuleImpl implements AuthModule {
@Override
public String selectProcess(ExecutionContext context) {
Serializable paramObj = context.get(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION);
- if (paramObj instanceof String) {
- String param = (String)paramObj;
- if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) {
- Logger.debug("Centrial eIDAS authentication process selected ");
- return "centrialEidasAuthentication";
+ if (paramObj != null ) {
+ if (paramObj instanceof String) {
+ String param = (String)paramObj;
+ if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) {
+ Logger.debug("Centrial eIDAS authentication process selected ");
+ return "centrialEidasAuthentication";
+ } else
+ Logger.trace(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION
+ + " is empty or has value: " + Boolean.parseBoolean(param));
+
} else
- Logger.trace(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION
- + " is empty or has value: " + Boolean.parseBoolean(param));
+ Logger.info("Find suspect http param '" + EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION
+ + "' of type: " + paramObj.getClass().getName());
+ }
+ return null;
- } else
- Logger.info("Find suspect http param '" + EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION
- + "' of type: " + paramObj.getClass().getName());
- return null;
}
/* (non-Javadoc)
@@ -89,4 +93,11 @@ public class EidasCentralAuthModuleImpl implements AuthModule {
return new String[] { "classpath:eIDAS_central_node_auth.process.xml" };
}
+ /**
+ * @param priority the priority to set
+ */
+ public void setPriority(int priority) {
+ this.priority = priority;
+
+ }
}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index e312299f8..c3c3331e1 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -29,6 +29,7 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -39,9 +40,11 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
@@ -51,6 +54,7 @@ import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthCo
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.logging.Logger;
@@ -87,9 +91,10 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
}
- // get entityID for central ms-specific eIDAS node
- String msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
-
+ // get entityID for central ms-specific eIDAS node
+ String msNodeEntityID = getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration());
+
+
if (MiscUtil.isEmpty(msNodeEntityID)) {
Logger.info("eIDAS authentication not possible -> NO EntityID for central eIDAS node FOUND!");
throw new MOAIDException("NO EntityID for central eIDAS node FOUND", null);
@@ -157,6 +162,35 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
}
}
+ private String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration) {
+ //load from service-provider configuration
+ String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL);
+
+ if (StringUtils.isEmpty(msNodeEntityID)) {
+ Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... ");
+ if (authConfig instanceof AuthConfiguration) {
+ AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig;
+ List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues(
+ moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL));
+
+ if (configuratedEntityIDs.size() > 0)
+ msNodeEntityID = configuratedEntityIDs.get(0);
+ else
+ Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... ");
+
+ } else
+ Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName()
+ + "' Switch to generic Type ... ");
+
+
+ if (StringUtils.isEmpty(msNodeEntityID))
+ msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+
+ }
+
+ return msNodeEntityID;
+ }
+
private List<EAAFRequestedAttribute> buildRequestedAttributes() {
List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>();
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
index 214a23f88..c034dc95e 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
@@ -114,8 +114,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
if (MiscUtil.isEmpty(msg.getEntityID())) {
throw new InvalidProtocolRequestException("sp.pvp2.04",
- new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING},
- "NO configuration for SP entityID: " + msg.getEntityID());
+ new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING});
}
@@ -240,7 +239,10 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
revisionsLogger.logEvent(pendingReq,
MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR);
throw new AuthnResponseValidationException("sp.pvp2.05",
- new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, samlResp.getIssuer().getValue(), samlResp.getStatus().getStatusCode().getValue()});
+ new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING,
+ samlResp.getIssuer().getValue(),
+ samlResp.getStatus().getStatusCode().getValue(),
+ samlResp.getStatus().getStatusMessage().getMessage()});
}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
index 9c6ee3c67..f57d4a94b 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
@@ -18,7 +18,9 @@
class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller.EidasCentralAuthMetadataController"/>
<bean id="EidasCentralAuthModuleImpl"
- class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthModuleImpl"/>
+ class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthModuleImpl">
+ <property name="priority" value="2" />
+ </bean>
<bean id="EidasCentralAuthSignalController"
class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller.EidasCentralAuthSignalController"/>