added outbound encryption

3 files changed, 34 insertions, 1 deletions

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 5166f090d..d6cacf4fe 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -39,7 +39,7 @@ public class Constants {
 	
 	//default implementations for eIDAS SAML-engine functionality
 	public static final String SAML_SIGNING_IMPLENTATION = "eu.eidas.auth.engine.core.impl.SignSW";
-	public static final String SAML_ENCRYPTION_IMPLENTATION = "eu.eidas.auth.engine.core.impl.EncryptionSW";
+	public static final String SAML_ENCRYPTION_IMPLENTATION = "at.gv.egovernment.moa.id.auth.modules.eidas.config.ModifiedEncryptionSW";
 	
 	//configuration property keys
 	public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
new file mode 100644
index 000000000..bdd8c8e72
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
@@ -0,0 +1,29 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.engine.core.impl.EncryptionSW;
+
+/**
+ * This encryption module asks the moa configuration on whether to encrypt the response or not. In doubt, encryption is enforced.
+ */
+public class ModifiedEncryptionSW extends EncryptionSW {
+
+	@Override
+	public boolean isEncryptionEnable(String countryCode) {
+		// - encrypt if so configured
+		try {
+			AuthConfiguration moaconfig = AuthConfigurationProviderFactory.getInstance();
+			Boolean useEncryption = moaconfig.getStorkConfig().getCPEPS(countryCode).isXMLSignatureSupported();
+			Logger.info(useEncryption ? "using encryption" : "do not use encrpytion");
+			return useEncryption;
+		} catch(NullPointerException | ConfigurationException e) {
+			Logger.warn("failed to gather information about encryption for countryCode " + countryCode + " - thus, enabling encryption");
+			if(Logger.isDebugEnabled())
+				e.printStackTrace();
+			return true;
+		}
+	}
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index 238c823cf..68ff0425a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -115,6 +115,10 @@ public class AuthenticationRequest implements IAction {
 		try {
 			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
 			
+			// encryption is done by the SamlEngine, i.e. by the module we provide in the config
+			// but we need to set the appropriate request issuer
+			engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
+
 			// check if we have the destination available, supply it if not
 			if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
 				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(