diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2018-10-03 12:54:53 +0200 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2018-10-03 12:54:53 +0200 |
commit | fd786b4402841508acef77e75bacd369efbbcf96 (patch) | |
tree | 6f9f52541348b4cd4c15afdb78455a9e45188924 /id/server/modules/moa-id-module-eIDAS/src | |
parent | 99ad40ac333c737165e3d7110642048da27a1c41 (diff) | |
download | moa-id-spss-fd786b4402841508acef77e75bacd369efbbcf96.tar.gz moa-id-spss-fd786b4402841508acef77e75bacd369efbbcf96.tar.bz2 moa-id-spss-fd786b4402841508acef77e75bacd369efbbcf96.zip |
add first raw code elements to collect eID4U attributes during a Austrian authentication process
Node: auth. process selection and attribute collection is NOT implemented, yet
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src')
5 files changed, 207 insertions, 1 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java new file mode 100644 index 000000000..3640d4d19 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java @@ -0,0 +1,74 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class AustrianAuthWitheID4UAuthenticationModulImpl extends DefaultCitizenCardAuthModuleImpl { + + private int priority = 1; + + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + String selectedProcessID = super.selectProcess(context); + + if (MiscUtil.isNotEmpty(selectedProcessID)) { + //TODO: check if it is an eID4U auth. use-case + + + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:eid4u.Authentication.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java new file mode 100644 index 000000000..d0619d7f7 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java @@ -0,0 +1,31 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.logging.Logger; + +@Component("CollectAddtionalAttributesTask") +public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { + + @Override + public void execute(ExecutionContext arg0, HttpServletRequest arg1, HttpServletResponse arg2) + throws TaskExecutionException { + try{ + Logger.debug("Starting eID4U attribute collection process ... "); + + + } catch (Exception e) { + Logger.error("IdentityLink generation for foreign person FAILED.", e); + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index e8232ad68..7d92bbc83 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -8,4 +8,29 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentat at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier -at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder
\ No newline at end of file +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdNumberAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdIssuerAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdExpireddateAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EHICIDAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.NationalityAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.MaritalstateAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CountryOfBirthAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EMailAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.PhoneAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TemporaryAddressAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentPhotoAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TaxIdentificationNumberAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteNameAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteIdentifierAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteCountryAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteAddressAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentLevelOfStudyAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.FieldOfStudyAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentDegreeAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAwardingInstituteAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.GraduationYearAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeCountryAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageProficiencyAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageCertificatesAttrBuilder
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml new file mode 100644 index 000000000..fb6111d57 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml @@ -0,0 +1,67 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pd:ProcessDefinition id="DefaultAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + +<!-- + - National authentication with Austrian Citizen Card and mobile signature with our without mandate. + - Legacy authentication for foreign citizens using MOCCA supported signature cards. +--> + <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" /> + <pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" /> + <pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" /> + <pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" /> + <pd:Task id="verifyCertificate" class="VerifyCertificateTask" async="true" /> + <pd:Task id="getMISMandate" class="GetMISSessionIDTask" async="true" /> + <pd:Task id="certificateReadRequest" class="CertificateReadRequestTask" /> + <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" /> + <pd:Task id="prepareGetMISMandate" class="PrepareGetMISMandateTask" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" /> + <pd:Task id="userRestrictionTask" class="UserRestrictionTask" /> + + <!-- eID4U extensions --> + <pd:Task id="collectAddtionalAttributesTask" class="CollectAddtionalAttributesTask" /> + + + + <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. --> + <pd:StartEvent id="start" /> + + <pd:Transition from="start" to="initializeBKUAuthentication" /> + + <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" /> + + <pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" /> + + <pd:Transition from="verifyIdentityLink" to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" /> + <pd:Transition from="verifyIdentityLink" to="prepareAuthBlockSignature" /> + + <pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" /> + <!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. --> + + <pd:Transition from="certificateReadRequest" to="verifyCertificate" /> + <!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. --> + + <pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" /> + <pd:Transition from="verifyCertificate" to="getForeignID" /> + + <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" /> + <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" /> + + <pd:Transition from="prepareGetMISMandate" to="getMISMandate" /> + + <pd:Transition from="getMISMandate" to="userRestrictionTask" /> + <pd:Transition from="getForeignID" to="userRestrictionTask" /> + + + <pd:Transition from="userRestrictionTask" to="collectAddtionalAttributesTask" /> + + <!-- eID4U tasks for attribute collection --> + <pd:Transition from="collectAddtionalAttributesTask" to="finalizeAuthentication" /> + + + + <pd:Transition from="finalizeAuthentication" to="end" /> + + <pd:EndEvent id="end" /> + +</pd:ProcessDefinition> diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml index 20395f210..836e6319b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml @@ -9,6 +9,11 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + <bean id="eID4UAuthProcessImpl" + class="at.gv.egovernment.moa.id.auth.modules.eidas.AustrianAuthWitheID4UAuthenticationModulImpl"> + <property name="priority" value="1" /> + </bean> + <bean id="eIDASSignalServlet" class="at.gv.egovernment.moa.id.auth.modules.eidas.eIDASSignalServlet"/> @@ -30,5 +35,9 @@ <bean id="CreateIdentityLinkTask" class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CreateIdentityLinkTask" scope="prototype"/> + + <bean id="CollectAddtionalAttributesTask" + class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CollectAddtionalAttributesTask" + scope="prototype"/> </beans>
\ No newline at end of file |