| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-08-16 07:08:26 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-08-16 07:08:26 +0200 | 
| commit | a60b99e926ccd5c18baa36144922a94835819777 (patch) | |
| tree | ab19e4609c2e4e8b1cd8d449c3ad83a8665fe355 /id/server/modules/moa-id-module-eIDAS/src | |
| parent | a9c3d654ebd5af475c1fb634d4fb03d8499218ee (diff) | |
change STORK QAA to eIDAS LoA
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src')
3 files changed, 20 insertions, 23 deletions
| diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index eb32d1d12..7664eec86 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -78,7 +78,9 @@ public class Constants {
 	public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
 	public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
 	public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName";	
-	public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName";
+	public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName";	
+	public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier";
+	public static final String eIDAS_ATTR_LEGALNAME = "LegalName";
 	//http endpoint descriptions
 	public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index ee71e8e6b..a3fd51c4c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
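Review bot: The first added line in the Constants hunk re-declares `eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName"` identically to the removed line except for a trailing tab, so that -/+ pair is whitespace churn that hides the real change (the two new legal-person constants). Drop the trailing whitespace so the line stays a context line, or run the file through the project formatter before committing. The identifiers (CURRENTGIVENNAME, CURRENTFAMILYNAME) and the string values ("FirstName", "FamilyName") follow different naming, so a short comment above the group stating which side is the name that appears on the wire would help the next reader; the surrounding class continues outside the hunk.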
@@ -94,23 +94,25 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			//get service-provider configuration
 			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
-			// get target country
+			// get target and validate citizen countryCode
 			String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
 			if (StringUtils.isEmpty(citizenCountryCode)) {
 				// illegal state; task should not have been executed without a selected country
 				throw new AuthenticationException("eIDAS.03", new Object[] { "" });
+				
 			}
-
 			CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode);
 			if(null == cpeps) {
 				Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
 				throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode});
 			}
 			Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode);
+
+			
+			// select SingleSignOnService Endpoint from eIDAS-node metadata 
 			String destination = null;
 			String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
-
 			try {
 				EntityDescriptor eIDASNodeMetadata = eIDASMetadataProvider.getEntityDescriptor(metadataUrl);
 				if (eIDASNodeMetadata != null) {
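Review bot: The new comment `// get target and validate citizen countryCode` overstates what follows: the value read from `executionContext` is only tested with `StringUtils.isEmpty`, and the actual validation is the `getCPEPS` lookup a few lines below, which rejects unknown codes. Either narrow it, e.g. `// get citizen countryCode; its validity is established by the CPEPS lookup below`, or move the comment to the lookup. The added `+` line inside the if block and the `+` line before the new "select SingleSignOnService Endpoint" comment are whitespace-only additions that should not be part of the patch. In the error branch, `Logger.error` writes the not-yet-validated `citizenCountryCode` (which appears to be a user-selected value) straight into the log; this predates the commit, but length-limiting or sanitizing it before logging would close a small log-injection vector. The enclosing method starts and ends outside this hunk.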
@@ -129,10 +131,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 				Logger.warn("Load eIDAS metadata from node:" + metadataUrl + " FAILED with an error.", e);
 			}
-			
-			
+
+			// load SingleSignOnService Endpoint from configuration, if Metadata contains no information
+			// FIXME convenience function for not standard conform metadata 
 			if (MiscUtil.isEmpty(destination)) {
-				destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
+				destination = cpeps.getPepsURL().toString().split(";")[1].trim(); 
 				if (MiscUtil.isNotEmpty(destination))
 					Logger.debug("Use eIDAS node destination URL:" + destination + " from configuration");
@@ -189,11 +192,12 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			String issur = pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
 			authnRequestBuilder.issuer(issur);
 			authnRequestBuilder.destination(destination);
+						
+			authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);			
+			//set minimum required eIDAS LoA from OA config			
+			authnRequestBuilder.levelOfAssurance(LevelOfAssurance.fromString(oaConfig.getQaaLevel()));			
 			authnRequestBuilder.levelOfAssuranceComparison(LevelOfAssuranceComparison.MINIMUM);
-			authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);			
-			//TODO: load from OA-Configuration
-			authnRequestBuilder.levelOfAssurance(LevelOfAssurance.LOW);			
 			//set correct SPType for this online application
 			if (oaConfig.getBusinessService())
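Review bot: The fallback `destination = cpeps.getPepsURL().toString().split(";")[1].trim();` throws ArrayIndexOutOfBoundsException when the configured PEPS URL contains no `;`, which is exactly the situation where the metadata lookup above has already failed and no second endpoint exists, so an operator misconfiguration surfaces as an unhandled runtime exception instead of an eIDAS error. Guard the index: `String[] pepsUrlParts = cpeps.getPepsURL().toString().split(";"); if (pepsUrlParts.length > 1) destination = pepsUrlParts[1].trim();`. What happens when `destination` is still empty after the fallback lies outside this hunk; make sure that path rejects the request explicitly rather than building an AuthnRequest with a null Destination, since this is the URL the request carrying the LoA requirement is posted to. The enclosing method starts and ends outside this hunk.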
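Review bot: `authnRequestBuilder.levelOfAssurance(LevelOfAssurance.fromString(oaConfig.getQaaLevel()))` replaces the hard-coded `LevelOfAssurance.LOW` with an OA-configured value, but nothing checks the result: if the stored value is still a STORK QAA level (the commit title says this migration is in progress) or is absent, `fromString` will, depending on the eIDAS SAML engine implementation that is not visible here, return null or throw, and a null minimum LoA would let the request leave without the assurance requirement the online application relies on. Fail closed instead: `LevelOfAssurance requiredLoA = LevelOfAssurance.fromString(oaConfig.getQaaLevel()); if (requiredLoA == null) throw new AuthenticationException(…);` with an error log naming the OA and the raw configured value, then `authnRequestBuilder.levelOfAssurance(requiredLoA);`. Keep `levelOfAssuranceComparison(LevelOfAssuranceComparison.MINIMUM)` next to it so the remote node cannot satisfy the request with a lower level. The enclosing method starts and ends outside this hunk.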
@@ -202,8 +206,9 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 				authnRequestBuilder.spType(SpType.PUBLIC);
-			//TODO: make it loadable from config
-			authnRequestBuilder.serviceProviderCountryCode("AT");
+			//set service provider (eIDAS node) countryCode 
+			authnRequestBuilder.serviceProviderCountryCode(
+					authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"));
 			//set citizen country code for foreign uses
 			authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode());
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index cb91d5fa3..9fab58f94 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -350,17 +350,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
         			eIDASRespBuilder.statusMessage(e.getMessage());
         		}
-     		        		
-        		if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) {
-    				String assertionConsumerUrl = MetadataUtil.getAssertionConsumerUrlFromMetadata(
-    						SAMLEngineUtils.getMetadataFetcher(),
-    						SAMLEngineUtils.getMetadataSigner(),
-    						eidasReq.getEidasRequest());
-    				
-    				//TODO: set AssertionConsumerService is required?
-    				
-    			}
-        		
+     		        		    		
         		eIDASRespBuilder.id(eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils.generateNCName());
         		eIDASRespBuilder.inResponseTo(eidasReq.getEidasRequest().getId()); |
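Review bot: `Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE` looks like a typo of `CONFIG_PROPS_…`; its declaration is not part of this diff, so if it exists under that spelling the misspelling is now part of the Constants API and should be renamed once, before further callers appear. The value read from configuration is handed to `serviceProviderCountryCode` without any check that it is a two-letter ISO 3166-1 alpha-2 code, so a mistyped property silently yields a non-conformant AuthnRequest; a `Logger.warn` when the value does not match `[A-Z]{2}` would surface that on first use. The comment `//set service provider (eIDAS node) countryCode` could also name the configuration property so an operator can locate it. The enclosing method starts and ends outside this hunk.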
