authorThomas Lenz <tlenz@iaik.tugraz.at>2016-08-16 07:08:26 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-08-16 07:08:26 +0200
commita60b99e926ccd5c18baa36144922a94835819777 (patch)
treeab19e4609c2e4e8b1cd8d449c3ad83a8665fe355 /id/server/modules/moa-id-module-eIDAS/src/main
parenta9c3d654ebd5af475c1fb634d4fb03d8499218ee (diff)
change STORK QAA to eIDAS LoA
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java4
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java27
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java12
3 files changed, 20 insertions, 23 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index eb32d1d12..7664eec86 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -78,7 +78,9 @@ public class Constants {
public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName";
- public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName";
+ public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName";
+ public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier";
+ public static final String eIDAS_ATTR_LEGALNAME = "LegalName";
//http endpoint descriptions
public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index ee71e8e6b..a3fd51c4c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -94,23 +94,25 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
//get service-provider configuration
IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
- // get target country
+ // get target and validate citizen countryCode
String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
if (StringUtils.isEmpty(citizenCountryCode)) {
// illegal state; task should not have been executed without a selected country
throw new AuthenticationException("eIDAS.03", new Object[] { "" });
+
}
-
CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode);
if(null == cpeps) {
Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode});
}
Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode);
+
+
+ // select SingleSignOnService Endpoint from eIDAS-node metadata
String destination = null;
String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
-
try {
EntityDescriptor eIDASNodeMetadata = eIDASMetadataProvider.getEntityDescriptor(metadataUrl);
if (eIDASNodeMetadata != null) {
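Review bot: The comment added at the top of the hunk says the citizen countryCode is validated, but the only check on the value taken from `executionContext` is `StringUtils.isEmpty`; it is otherwise passed straight to `getCPEPS` and echoed into the error message. If emptiness is all that is meant, the comment should say so, e.g. `// get citizen countryCode; fail if no country was selected`; if a format check (two-letter country code) is intended, it is missing here. The `try` block opened at the end of the hunk continues outside it.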
@@ -129,10 +131,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
Logger.warn("Load eIDAS metadata from node:" + metadataUrl + " FAILED with an error.", e);
}
-
-
+
+ // load SingleSignOnService Endpoint from configuration, if Metadata contains no information
+ // FIXME convenience function for not standard conform metadata
if (MiscUtil.isEmpty(destination)) {
- destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
+ destination = cpeps.getPepsURL().toString().split(";")[1].trim();
if (MiscUtil.isNotEmpty(destination))
Logger.debug("Use eIDAS node destination URL:" + destination + " from configuration");
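Review bot: The configuration fallback `cpeps.getPepsURL().toString().split(";")[1].trim()` indexes the second element without checking that the configured PEPS URL actually contains a `;`; a URL configured with only the metadata part would raise an ArrayIndexOutOfBoundsException out of the task instead of reaching the empty-destination handling that the `isNotEmpty` check below appears to expect. Guard the split before indexing, e.g. `String[] pepsUrlParts = cpeps.getPepsURL().toString().split(";");` and `destination = pepsUrlParts.length > 1 ? pepsUrlParts[1].trim() : null;`. The FIXME is moved into a comment line rather than resolved, and the `if (MiscUtil.isEmpty(destination))` block closes outside the hunk.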
@@ -189,11 +192,12 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
String issur = pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
authnRequestBuilder.issuer(issur);
authnRequestBuilder.destination(destination);
+
+ authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);
+ //set minimum required eIDAS LoA from OA config
+ authnRequestBuilder.levelOfAssurance(LevelOfAssurance.fromString(oaConfig.getQaaLevel()));
authnRequestBuilder.levelOfAssuranceComparison(LevelOfAssuranceComparison.MINIMUM);
- authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);
- //TODO: load from OA-Configuration
- authnRequestBuilder.levelOfAssurance(LevelOfAssurance.LOW);
//set correct SPType for this online application
if (oaConfig.getBusinessService())
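Review bot: `LevelOfAssurance.fromString(oaConfig.getQaaLevel())` replaces the hard-coded LOW with a configured value, but nothing here handles a missing or unrecognised value; if `fromString` yields null for strings it does not know (plausible, since the commit title suggests the OA config may still hold a STORK QAA value that would need mapping to an eIDAS LoA URI), the request goes out without the minimum LoA this service provider requires, which is the field that keeps a weaker authentication from being accepted. Resolve the value first and fail the task when it cannot be mapped, e.g. `LevelOfAssurance loa = LevelOfAssurance.fromString(oaConfig.getQaaLevel());` then `if (loa == null) throw new AuthenticationException(<error code>, new Object[] { oaConfig.getQaaLevel() });` before `authnRequestBuilder.levelOfAssurance(loa);`. The `if (oaConfig.getBusinessService())` body at the end of the hunk continues outside it.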
@@ -202,8 +206,9 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
authnRequestBuilder.spType(SpType.PUBLIC);
- //TODO: make it loadable from config
- authnRequestBuilder.serviceProviderCountryCode("AT");
+ //set service provider (eIDAS node) countryCode
+ authnRequestBuilder.serviceProviderCountryCode(
+ authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"));
//set citizen country code for foreign uses
authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode());
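Review bot: The constant `Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE` read on the new line looks misspelled (`CONIG` for `CONFIG`); it is not introduced in the Constants.java hunk of this commit, so if it is new elsewhere in the commit it should be named `CONFIG_PROPS_EIDAS_NODE_COUNTRYCODE` before other code depends on it. The configured value is also handed to `serviceProviderCountryCode` as-is, so a mistyped property value ends up in every outgoing request; a comment such as `// two-letter country code of this eIDAS node, defaults to "AT"` next to the default would at least document the expected format.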
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index cb91d5fa3..9fab58f94 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -350,17 +350,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
eIDASRespBuilder.statusMessage(e.getMessage());
}
-
- if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) {
- String assertionConsumerUrl = MetadataUtil.getAssertionConsumerUrlFromMetadata(
- SAMLEngineUtils.getMetadataFetcher(),
- SAMLEngineUtils.getMetadataSigner(),
- eidasReq.getEidasRequest());
-
- //TODO: set AssertionConsumerService is required?
-
- }
-
+
eIDASRespBuilder.id(eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils.generateNCName());
eIDASRespBuilder.inResponseTo(eidasReq.getEidasRequest().getId());