Merge branch 'eIDAS_node_2.0_tests' into huge_refactoring

# Conflicts: # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java # id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml # id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java # id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java # id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java # id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java # id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java # id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java # id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java # id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java # id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java # id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java # id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
author: Thomas Lenz <tlenz@iaik.tugraz.at> 2018-07-12 16:16:29 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2018-07-12 16:16:29 +0200
commit: 132681b9f3e00158b1671f50b23517462aa54afd (patch)
tree: cda5e6b321a44fbb54a959693a4afe71eb25bd6a /id/server/modules/moa-id-module-AT_eIDAS_connector
parent: 3535ae9500b29d0b2d0f317ea7f47a6c25c6f70e (diff)
parent: 3b1130e2366138871a92a1f83124a27fa83885dd (diff)
download: moa-id-spss-132681b9f3e00158b1671f50b23517462aa54afd.tar.gz
moa-id-spss-132681b9f3e00158b1671f50b23517462aa54afd.tar.bz2
moa-id-spss-132681b9f3e00158b1671f50b23517462aa54afd.zip
5 files changed, 70 insertions, 20 deletions
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
index 0f4f81122..19950a078 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
@@ -77,6 +77,7 @@ public class EidasCentralAuthConstants {
 					add(Trible.newInstance(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true));
 					add(Trible.newInstance(PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true));
 					add(Trible.newInstance(PVPConstants.EID_ISSUING_NATION_NAME, PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME, true));
+					add(Trible.newInstance(PVPConstants.EID_IDENTITY_LINK_NAME, PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME, false));
 				}
 			});
 	
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
index f1bec9dac..821a200c7 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
@@ -42,6 +42,8 @@ public class EidasCentralAuthModuleImpl implements AuthModule {
 
 	@Autowired(required=true) private AuthenticationManager authManager;
 	
+	private int priority = 0;
+	
 	@PostConstruct
 	protected void initalCentralEidasAuthentication() {
 		//parameter to whiteList
@@ -55,8 +57,7 @@ public class EidasCentralAuthModuleImpl implements AuthModule {
 	 */
 	@Override
 	public int getPriority() {
-		// TODO Auto-generated method stub
-		return 0;
+		return priority;
 	} 
 
 	/* (non-Javadoc)
@@ -65,20 +66,23 @@ public class EidasCentralAuthModuleImpl implements AuthModule {
 	@Override
 	public String selectProcess(ExecutionContext context) {
 		Serializable paramObj = context.get(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION);
-		if (paramObj instanceof String) {
-			String param = (String)paramObj;
-			if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) {
-				Logger.debug("Centrial eIDAS authentication process selected ");
-				return "centrialEidasAuthentication";
+		if (paramObj != null ) {
+			if (paramObj instanceof String) {		
+				String param = (String)paramObj;
+				if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) {
+					Logger.debug("Centrial eIDAS authentication process selected ");
+					return "centrialEidasAuthentication";
 				
+				} else
+					Logger.trace(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION 
+							+ " is empty or has value: " + Boolean.parseBoolean(param));
+		
 			} else
-				Logger.trace(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION 
-						+ " is empty or has value: " + Boolean.parseBoolean(param));
+				Logger.info("Find suspect http param '" + EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION 
+						+ "' of type: " + paramObj.getClass().getName());
+		}		
+		return null;
 		
-		} else
-			Logger.info("Find suspect http param '" + EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION 
-					+ "' of type: " + paramObj.getClass().getName());
-		return null;		
 	}
 
 	/* (non-Javadoc)
@@ -89,4 +93,11 @@ public class EidasCentralAuthModuleImpl implements AuthModule {
 		return new String[] { "classpath:eIDAS_central_node_auth.process.xml" };
 	}
 
+	/**
+	 * @param priority the priority to set
+	 */
+	public void setPriority(int priority) {
+		this.priority = priority;
+		
+	}
 }
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index e312299f8..c3c3331e1 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -29,6 +29,7 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.StringUtils;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -39,9 +40,11 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
@@ -51,6 +54,7 @@ import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthCo
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -87,9 +91,10 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 				
 			}
 						
-			// get entityID for central ms-specific eIDAS node 
-			String msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
-					
+			// get entityID for central ms-specific eIDAS node 			
+			String msNodeEntityID = getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration());
+			
+			
 			if (MiscUtil.isEmpty(msNodeEntityID)) {
 				Logger.info("eIDAS authentication not possible -> NO EntityID for central eIDAS node FOUND!");
 				throw new MOAIDException("NO EntityID for central eIDAS node FOUND", null);
@@ -157,6 +162,35 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 		}
 	}
 
+	private String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration) {
+		//load from service-provider configuration
+		String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL);
+		
+		if (StringUtils.isEmpty(msNodeEntityID)) {
+			Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... ");
+			if (authConfig instanceof AuthConfiguration) {
+				AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig;					
+				List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues(
+						moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL));
+				
+				if (configuratedEntityIDs.size() > 0)
+					msNodeEntityID = configuratedEntityIDs.get(0);
+				else
+					Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... ");
+				
+			} else 
+				Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName()
+						+ "' Switch to generic Type ... ");
+				
+			
+			if (StringUtils.isEmpty(msNodeEntityID))
+				msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+			
+		}
+						
+		return msNodeEntityID;
+	}
+
 	private List<EAAFRequestedAttribute> buildRequestedAttributes() {
 		List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>();
 		
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
index 214a23f88..c034dc95e 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
@@ -114,8 +114,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			
 			if (MiscUtil.isEmpty(msg.getEntityID())) {
 				throw new InvalidProtocolRequestException("sp.pvp2.04", 
-						new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING},
-						"NO configuration for SP entityID: " + msg.getEntityID());
+						new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING});
 				
 			}
 
@@ -240,7 +239,10 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			revisionsLogger.logEvent(pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR);			
 			throw new AuthnResponseValidationException("sp.pvp2.05", 
-					new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, samlResp.getIssuer().getValue(), samlResp.getStatus().getStatusCode().getValue()});
+					new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, 
+									samlResp.getIssuer().getValue(), 
+									samlResp.getStatus().getStatusCode().getValue(), 
+									samlResp.getStatus().getStatusMessage().getMessage()});
 					
 		}
 								
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
index 9c6ee3c67..f57d4a94b 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
@@ -18,7 +18,9 @@
 				class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller.EidasCentralAuthMetadataController"/>
 				
 	<bean	id="EidasCentralAuthModuleImpl"
-				class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthModuleImpl"/>				
+				class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthModuleImpl">
+		<property name="priority" value="2" />
+	</bean>
 	
 	<bean	id="EidasCentralAuthSignalController"
 				class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller.EidasCentralAuthSignalController"/>
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2018-07-12 16:16:29 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2018-07-12 16:16:29 +0200
commit	132681b9f3e00158b1671f50b23517462aa54afd (patch)
tree	cda5e6b321a44fbb54a959693a4afe71eb25bd6a /id/server/modules/moa-id-module-AT_eIDAS_connector
parent	3535ae9500b29d0b2d0f317ea7f47a6c25c6f70e (diff)
parent	3b1130e2366138871a92a1f83124a27fa83885dd (diff)
download	moa-id-spss-132681b9f3e00158b1671f50b23517462aa54afd.tar.gz moa-id-spss-132681b9f3e00158b1671f50b23517462aa54afd.tar.bz2 moa-id-spss-132681b9f3e00158b1671f50b23517462aa54afd.zip